{"title":"Role Based Access Control in Enterprise Application - Security Administration and User Management","authors":"Vinith Bindiganavale, J. Ouyang","doi":"10.1109/IRI.2006.252397","journal":{"name":"2006 IEEE International Conference on Information Reuse & Integration"},"publicationDate":"2006-12-04","publicationTypes":"Journal Article","citationCount":"12","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/IRI.2006.252397"}
Role Based Access Control in Enterprise Application - Security Administration and User Management
One of the most challenging problems in managing large Web-applications is the complexity of security administration and user-profile management. Role based access control (RBAC) has become the predominant model for advanced access control due to the reduced complexity and cost of administration. Under RBAC, security administration is greatly simplified by using roles, hierarchies and privileges, and user management is uncomplicated by using LDAP API specification within the J2EE application. System administrators create roles according to the job functions performed in an organization, grant permissions to those roles, and then assign users to the roles on the basis of their specific job responsibilities and qualifications. We introduce in this paper RBAC in a typical J2EE enterprise application and present architectural details, along with security administration and user-profile management for RBAC. Netegrity SiteMinder provides the RBAC foundation, and J2EE framework serves as the reference model for administration in the application. Then we emphasize the design and implementation of a custom RBAC-model, and the possibilities of optimization of this model.