RBAC on the Web by smart certificates

Joon S. Park, R. Sandhu
DOI: 10.1145/319171.319172 (https://doi.org/10.1145/319171.319172)
Venue: ACM Workshop on Role-Based Access Control
Publication date: 1999-10-28
Citations: 61

Abstract

We have described in another paper how to develop and use smart certificates by extending X.509 with several sophisticated features for secure attribute services on the Web. In this paper, we describe an implementation of RBAC (Role-Based Access Control) with role hierarchies on the Web as one possible application of smart certificates. To support RBAC, we issued smart certificates which hold the subjects' role information and configured a Web server to use the role information in the certificate instead of identities for its access control mechanism. Since the subjects' role information is provided integrity, the Web server can trust the role information after authentication and certificate verification by SSL, and uses it for role-based access control. To maintain compatibility with existing technologies, such as SSL, we used a bundled (containing the subject's identity and role information) smart certificate in the user-pull model.