Abstract
In this paper, we describe an experiment in designing and implementing role-based extranet access management (EAM) by leveraging role-based access control (RBAC) and X.509 attribute certificates for scalable and interoperable authorization. Compared with previous work in this area, we show that our approach overcomes the problems of earlier solutions and broadens RBAC's applicability to large-scale networks. The components for role administration are defined and a security architecture is discussed. We also demonstrate the feasibility of our approach through a proof-of-concept implementation. Several issues arising from our experiment are briefly discussed as well.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35697-6_26
Copyright information
© 2003 IFIP International Federation for Information Processing
Cite this chapter
Shin, D., Ahn, GJ., Cho, S. (2003). Using X.509 Attribute Certificates for Role-Based EAM. In: Gudes, E., Shenoi, S. (eds) Research Directions in Data and Applications Security. IFIP — The International Federation for Information Processing, vol 128. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35697-6_5
DOI: https://doi.org/10.1007/978-0-387-35697-6_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6413-0
Online ISBN: 978-0-387-35697-6