Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Authorization and Charging in Public WLANs Using FreeBSD and 802.1x
Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
Role-Based Access Control With X.509 Attribute Certificates
IEEE Internet Computing
Maintenance of Monitoring Systems Throughout Self-healing Mechanisms
DSOM '08 Proceedings of the 19th IFIP/IEEE international workshop on Distributed Systems: Operations and Management: Managing Large-Scale Service Deployment
Performance analysis of a cross-layer SSO mechanism for a roaming infrastructure
Journal of Network and Computer Applications
Efficient utilization of elliptic curve cryptosystem for hierarchical access control
Journal of Systems and Software
An access control system for multimedia content distribution
EuroPKI 2006 Proceedings of the Third European conference on Public Key Infrastructure: theory and Practice
Extending the common services of eduGAIN with a credential conversion service
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Bootstrapping a global SSO from network access control mechanisms
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
| Hi-index | 0.00 |
Network access control mechanisms constitute an increasingly needed service, when communications are becoming more and more ubiquitous thanks to some technologies such as wireless networks or Mobile IP. This paper presents a particular scenario where access rules are based not only on the identity of the different users but also on authorization data related to those users. In order to accomplish this general goal, it will be necessary to add to the traditional system-specific services for authentication and authorization, and also some entities able to manage the information related to identity, roles and permissions. Network access will be based on the 802.1X framework and the Authentication, Authorization, and Accounting (AAA) architecture, as they constitute the basis for most of the existing proposals for limiting the access to a restricted network. These proposals will be extended making use of an authorization infrastructure based on SAML statements, the RBAC model, and XACML as the main language for expressing authorization policies. The solution that we present in this paper is a consequence of an exhaustive and non-trivial analysis of the different mechanisms that could be used to provide this kind of service. As we will see, the correct integration of these different mechanisms leads to the definition of a scalable and versatile network access control system which conforms to the guidelines outlined by the AAA initiative.