Integrative Security Management for Web-Based Enterprise Applications

In enterprise environments, security is becoming increasingly important and costly. Enterprises are struggling to protect a growing number of disparate resources, and a simple patchwork of security controls no longer suffices. Enterprises require a comprehensive solution that provides centralized security management, from authentication to authorization to auditing. To this end, we present the design and implementation of WebDaemon, an integrative security management solution for Web-based enterprise applications. It provides Single Sign-On to multiple Web applications. It also restricts access to Web-based content, portals, and Web applications based on Role-Based Access Control (RBAC) policies. WebDaemon can help enterprises secure all Web resources with consistent policy management and reduced administrative costs.
