The DCE Web toolkit: enhancing WWW protocols with lower-layer services
Proceedings of the Third International World-Wide Web conference on Technology, tools and applications
A capability-based authorization model for the World-Wide Web
Proceedings of the Third International World-Wide Web conference on Technology, tools and applications
Role-Based Access Control Models
Computer
hyperDRIVE: leveraging LDAP to implement RBAC on the Web
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC on the Web by smart certificates
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Security models for web-based applications
Communications of the ACM
IEEE Internet Computing
A Role-Based Access Control for Intranet Security
IEEE Internet Computing
| Hi-index | 0.00 |
Role-based Access Control (RBAC) appears to be the most appropriate technique for access control to minimize the errors likely to occur in managing users and network resources. It can also reduce management costs. In this paper, we show a method for implementing access control for Web documents without modification of the Web server or Web browser, unlike other methods. The access control of Web documents in existing Web servers is based on directories and files, and depends on Access Control Lists defined in the configuration files of the Web servers. This method cannot realize access control according to the user access permission, based on the Web document content. We also propose a Public Layer and a Protected Layer for more secure Web document storage. Finally, we achieve a fine-grained Web document access control method according to the access permissions granted to the user's role in each Web server in environments of multiple Web servers.