Abstract
This paper gives a framework for leveraging the Lightweight Directory Access Protocol (LDAP) to implement Role-based Access Control (RBAC) on the Web in the server-pull architecture. LDAP-based directory services have recently received much attention because they support object-oriented hierarchies of entries whose attributes can easily be searched and modified over TCP/IP. To implement RBAC on the Web, we use an LDAP directory server as a role server that holds users' role information. Web servers consult the role server through LDAP for access-control decisions, over SSL, so that the role information is protected in transit. We compare this work with our previous work on RBAC on the Web in the user-pull architecture.
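The server-pull flow described above, as an added illustration (not the paper's code): a Web server receives an authenticated user ID, searches the role server for that user's entry, and derives the permitted operations from the roles found. The in-memory directory, the `uid`/`role` attribute names, the role hierarchy and the permission assignment are all constructed assumptions; the regex-based `search` stands in for the LDAP server's filter evaluation so the block runs offline. The security point it adds is that the `uid` goes into the LDAP search filter, so the Web server must escape it (RFC 4515) before building the filter; the example contrasts the naive filter with the escaped one.

```python
"""Server-pull RBAC check against an LDAP role server (added example).

The directory snapshot, attribute names, role hierarchy and permissions below
are constructed for illustration; a deployment would issue the same filter to
the role server over ldaps:// and read the entry's role attribute.
"""
import re

# Constructed role-server contents: DN -> attributes (not from the paper).
ROLE_SERVER = {
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "role": ["manager"]},
    "uid=bob,ou=people,dc=example,dc=com":   {"uid": "bob",   "role": ["engineer"]},
    "uid=carol,ou=people,dc=example,dc=com": {"uid": "carol", "role": []},
}
# Assumed role hierarchy (senior role -> junior roles it inherits) and
# permission assignment; both are illustrative.
ROLE_HIERARCHY = {"manager": {"engineer"}, "engineer": set()}
ROLE_PERMISSIONS = {
    "manager": {"approve_budget"},
    "engineer": {"read_design", "edit_design"},
}

# RFC 4515 filter escaping: these five characters must be hex-escaped.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied assertion value for use in an LDAP filter."""
    return "".join(FILTER_ESCAPES.get(c, c) for c in value)


def build_user_filter(uid: str) -> str:
    """Safe filter: the uid is escaped, so it can only match literally."""
    return f"(uid={escape_filter_value(uid)})"


def naive_user_filter(uid: str) -> str:
    """Unsafe filter: raw concatenation lets '*' become a wildcard (for contrast)."""
    return f"(uid={uid})"


def _filter_to_regex(ldap_filter: str) -> "re.Pattern[str]":
    """Stand-in for the directory's matcher: handles a single (uid=...) filter,
    honouring RFC 4515 \\xx escapes as literals and bare '*' as a wildcard."""
    m = re.fullmatch(r"\(uid=(.*)\)", ldap_filter, re.DOTALL)
    if m is None:
        raise ValueError(f"unsupported filter: {ldap_filter!r}")
    body, i, pattern = m.group(1), 0, ""
    while i < len(body):
        c = body[i]
        hex_part = body[i + 1:i + 3]
        if c == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", hex_part):
            pattern += re.escape(chr(int(hex_part, 16)))  # escaped literal
            i += 3
            continue
        pattern += ".*" if c == "*" else re.escape(c)
        i += 1
    return re.compile(pattern, re.DOTALL)


def search(directory: dict, ldap_filter: str) -> list:
    """Return the DNs whose uid attribute satisfies the filter."""
    rx = _filter_to_regex(ldap_filter)
    return [dn for dn, attrs in directory.items() if rx.fullmatch(attrs["uid"])]


def effective_roles(direct_roles) -> set:
    """Close the user's directly assigned roles under the role hierarchy."""
    seen, stack = set(), list(direct_roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(ROLE_HIERARCHY.get(role, ()))
    return seen


def authorize(uid: str, permission: str, directory: dict = ROLE_SERVER) -> bool:
    """Web-server side of the server-pull check: pull roles, then decide.
    Anything other than exactly one matching entry is a deny."""
    hits = search(directory, build_user_filter(uid))
    if len(hits) != 1:
        return False
    roles = effective_roles(directory[hits[0]]["role"])
    return any(permission in ROLE_PERMISSIONS.get(r, ()) for r in roles)


if __name__ == "__main__":
    print("alice edit_design:", authorize("alice", "edit_design"))      # True via hierarchy
    print("bob approve_budget:", authorize("bob", "approve_budget"))    # False
    print("naive '*' matches:", search(ROLE_SERVER, naive_user_filter("*")))
    print("escaped '*' matches:", search(ROLE_SERVER, build_user_filter("*")))
```

With a real client library the escaping step is `ldap.filter.escape_filter_chars` (python-ldap) or `ldap3.utils.conv.escape_filter_chars` (ldap3), and the bind to the role server should use an `ldaps://` URL with certificate verification enabled, which is the "over SSL" part of the architecture; the rest of the decision logic is unchanged.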
The original version of this chapter was revised: the copyright line was incorrect and has been corrected. The erratum to this chapter is available at DOI: 10.1007/978-0-387-35587-0_24
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Park, J.S., Ahn, GJ., Sandhu, R. (2002). Role-Based Access Control on the Web Using LDAP. In: Olivier, M.S., Spooner, D.L. (eds) Database and Application Security XV. IFIP — The International Federation for Information Processing, vol 87. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35587-0_2
DOI: https://doi.org/10.1007/978-0-387-35587-0_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1028-1
Online ISBN: 978-0-387-35587-0
eBook Packages: Springer Book Archive