Development of a Flexible PERMIS Authorisation Module for Shibboleth and Apache Server

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3545)

Abstract

This paper describes the development of a flexible Role Based Access Control (RBAC) authorisation module, the Shibboleth and Apache Authorisation Module (SAAM), which is based on the PERMIS privilege management infrastructure. It explains how the module can work with the Apache web server, with or without Shibboleth. We argue that this can effectively improve the level of trust and flexibility of access control for the Shibboleth architecture and the Apache web server, as well as provide a finer-grained level of control over web resources.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xu, W., Chadwick, D.W., Otenko, S. (2005). Development of a Flexible PERMIS Authorisation Module for Shibboleth and Apache Server. In: Chadwick, D., Zhao, G. (eds) Public Key Infrastructure. EuroPKI 2005. Lecture Notes in Computer Science, vol 3545. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11533733_11

  • DOI: https://doi.org/10.1007/11533733_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28062-0

  • Online ISBN: 978-3-540-31585-8

  • eBook Packages: Computer Science, Computer Science (R0)
