Abstract
Role-based Access Control (RBAC) appears to be the most appropriate technique for access control to minimize the errors likely to occur in managing users and network resources. It can also reduce management costs. In this paper, we show a method for implementing access control for Web documents without modification of the Web server or Web browser, unlike other methods. The access control of Web documents in existing Web servers is based on directories and files, and depends on Access Control Lists defined in the configuration files of the Web servers. This method cannot realize access control according to the user access permission, based on the Web document content. We also propose a Public Layer and a Protected Layer for more secure Web document storage. Finally, we achieve a fine-grained Web document access control method according to the access permissions granted to the user’s role in each Web server in environments of multiple Web servers.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
James B.D. Joshi, Walid G. Aref, Arif Ghafoor, and Eugene H. Spafford, “Security Models for Web-based Applications”, Communications of the ACM, 2001
James B.D. Joshi, Walid G. Aref, Arif Ghafoor, and Eugene H. Spafford, “Digital Government Security Infrastructure Design Challenges”, IEEE Computer, 2001
J. F. Barkely, A. V. Cincotta, D. F. Ferraiolo, S. Gavrilla and D. R. Kuhn, “Role Based Access Control For the World Wide Web”, 20th NCSC, 1997.
Joon S. Park and Ravi Sandhu, “RBAC on the web by smart certificates”, Proc. of 4th ACM Workshop on Role-Based Access Control, 1999.
Kahan, J., “A capability-based authorization model for the World Wide Web”, Proc. of the 3rd WWW Conference, 1995
Larry S. Bartz, “hyperDRIVE: Leveraging LDAP to implement rbac on the web”, 2nd ACM Workshop on Role-Based Access Control., 1997.
Lavenant, M.G. and Kruper, J.A., “The Phoenix Project: distributed hypermedia authoring”, Proc. of the 1st WWW Conference, 1994
Lewontin, S., “The DCE Web Toolkit: enhancing WWW protocols with lower-layer service”, Proc. of the 3rd WWW Conference, 1995
Ravi Sandhu and Joon S. Park, “Secure Cookies on the Web”, IEEE Internet Computing, July–August, 2000.
Ravi Sandhu, David Ferraiolo and Richard Kuhn, “The NIST Model for Role-Based Access Control: Toward A Unified Standard”, Proc. of the Fifth ACM Wrokshop on Role-Based Access Control, 2000.
Ravi Sandhu, E. Coyne, H. Feinstein, and C. Younman, “Role-Based Access Control Models”, IEEE Computer Magazine Vol. 29, 1996.
Ravi Sandhu and Joon S. Park, “Secure Cookies on the Web”, IEEE Internet Computing, July–August, 2000.
Zahir Tari and Shun-Wu Chan, “A role-based access control for intranet security”, IEEE Internet Computing, September/October 1997.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shim, W.B., Park, S. (2002). Web Document Access Control Using Two-Layered Storage Structures with RBAC Server. In: Shafazand, H., Tjoa, A.M. (eds) EurAsia-ICT 2002: Information and Communication Technology. EurAsia-ICT 2002. Lecture Notes in Computer Science, vol 2510. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36087-5_26
Download citation
DOI: https://doi.org/10.1007/3-540-36087-5_26
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00028-0
Online ISBN: 978-3-540-36087-2
eBook Packages: Springer Book Archive