Specifying and managing role-based access control within a corporate intranet

Abstract

In order for intranets to reach their full potential, access control and authorization management mechanisms must be in place that can regulate user access to information in a manner that is consistent with the current set of laws, regulations, and practices that face businesses today. The purpose of RBAC on the Web would be to provide this access control service, thereby enabling the use of the Web for new and more sophisticated applications -to allow access to information and other resources that would otherwise not be possible given the existing lack of operational assurance. This paper describes an approach at providing these assurances through the use of RBAC for networked Web servers.