Role-Based Access Control Models
Computer
A framework for implementing role-based access control using CORBA security service
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Mastering Web Services Security
Mastering Web Services Security
Lattice-Based Access Control Models
Computer
Object Security Attributes: Enabling Application-Specific Access Control in Middleware
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
Access Control: The Neglected Frontier
ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
A Resource Access Decision Service for CORBA-Based Distributed Systems
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Policy/mechanism separation in Hydra
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
Authorization in CORBA Security
Journal of Computer Security
Embedding Dynamic Behaviour into a Self-configuring Software System
ATC '08 Proceedings of the 5th international conference on Autonomic and Trusted Computing
A comparison of two approaches for achieving flexible and adaptive security middleware
Proceedings of the 2008 workshop on Middleware security
Hi-index | 0.00 |
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should not be expected to cope with complex policy languages and evaluation engines or to develop custom engines from scratch. In this paper, we discuss the benefits of policy engines designed as component frameworks with a mix of parameterized pre-built and custom logic composed to implement complex policies. To provide an example of such a design approach, we present an authorization architecture for ASP.NET Web services that has been implemented in a real-world system.