Role Based Access Control for the World Wide Web | NIST

One of the most challenging problems in managing large networked systems is the complexity of security administration This is particularly true for organizations that are attempting to manage security in distributed multimedia environments such as those using world Wide Web WWW servers Today security administration is costly and prone to error because administrators usually specify access control lists for each user on the system individually Role based access control RBAC is a technology that is attracting increasing attention particularly for commercial applications because of its potential for reducing the complexity and cost of security administration in large networked applications This paper describes software components that provide RBAC for networked servers using WWW protocols The RBAC components can be linked with commercially available web servers and require no modi cation of the server software