The emergence of e-marketplace Web sites that contain proprietary information from multiple organizations requires the creation of new access control schemes that provide fine-grained access control while reducing both administrative and run-time overhead. It is also desirable to have clear, concise, and easily configurable definitions of access control policies that are aligned with business processes, and to have these policies enforced consistently throughout an e-commerce system. In this paper, we describe a policy-based access control scheme, and its implementation, that allows access to individual instances of resources to be specified in a concise and computationally efficient manner. We model business relationships between users and business objects and use implicit grouping of users and resources. These concepts allow policies to refer efficiently to aggregates of resources and users and to document the intention of an authorization policy. Our access control scheme is implemented as an application-level access control mechanism within IBM's WebSphere® Commerce Suite, Marketplace Edition. We use this implementation to provide examples and give performance data. For future work, we discuss how our policy-based, resource-level access control scheme might be enhanced to augment language-level access control schemes, such as the Java™ 2 Platform, Enterprise Edition (J2EE™) security model.