Role-based access control on the web using LDAP

Authors:
Joon S. Park;Gail-Joon Ahn;Ravi Sandhu
Affiliations:
Information and Software Engineering Department, George Mason University;College of Information Technology, University of North Carolina at Charlotte;Information and Software Engineering Department, George Mason University
Venue:
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Year:
2001

Citing 9
Cited 2

Role-Based Access Control Models

Computer
Decentralized user-role assignment for Web-based intranets

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
RBAC on the Web by smart certificates

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Injecting RBAC to secure a Web-based workflow system

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Secure Cookies on the Web

IEEE Internet Computing
RBAC on the Web by Secure Cookies

Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security
Binding identities and attributes using digitally signed certificates

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Role-based security for distributed object systems

WET-ICE '96 Proceedings of the 5th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'96)
Analysis of the SSL 3.0 protocol

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2

Archive storage system design for long-term storage of massive amounts of data

IBM Journal of Research and Development
Semantic access control for corporate mobile devices

ICA3PP'10 Proceedings of the 10th international conference on Algorithms and Architectures for Parallel Processing - Volume Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper gives a framework for how to leverage Lightweight Directory Access Protocol (LDAP) to implement Role-based Access Control (RBAC) on the Web in the server-pull architecture. LDAP-based directory services have recently received much attention because they can support object-oriented hierarchies of entries in which we can easily search and modify attributes over TCP/IP. To implement RBAC on the Web, we use an LDAP directory server as a role server that contains users' role information. The role information in the role server is referred to by Web servers for access control purposes through LDAP in a secure manner (over SSL). We provide a comparison of this work to our previous work, RBAC on the Web in the user-pull architecture.