An application of directory service markup language (DSML) for role-based access control (RBAC)

The directory service markup language (DSML) prescribes how to manipulate directory services information in XML, and thus facilitates sharing directory information as XML fragments among XML-based applications. We describe how to leverage DSML for role-based access control in XML-based Web applications, which often need collaboration within or beyond a single enterprise boundary. Compared with previous work in this area, we show that our approach can solve the problems of a previous LDAP-oriented solution. We discuss the security architecture, which is based upon a server-pull model, and its components. We also demonstrate the feasibility of our approach through a proof-of-concept implementation. Finally, we discuss several issues arising from our experience.
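
An added illustration, not code from the paper or its proof-of-concept: in a server-pull model the Web server itself retrieves the user's role information from the directory, here as a DSML v1 fragment, and makes the access decision from it. The entry layout, the `role` attribute name, the DNs and the permission table are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

NS = {"dsml": "http://www.dsml.org/DSML"}  # DSML v1 namespace
ROLE_ATTR = "role"  # assumption: directory attribute that carries role names

# Constructed sample of what a directory gateway could return as DSML.
SAMPLE_DSML = """\
<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
 <dsml:directory-entries>
  <dsml:entry dn="uid=alice,ou=people,dc=example,dc=com">
   <dsml:attr name="uid"><dsml:value>alice</dsml:value></dsml:attr>
   <dsml:attr name="role">
    <dsml:value>clerk</dsml:value>
    <dsml:value>auditor</dsml:value>
   </dsml:attr>
  </dsml:entry>
  <dsml:entry dn="uid=bob,ou=people,dc=example,dc=com">
   <dsml:attr name="role"><dsml:value>guest</dsml:value></dsml:attr>
  </dsml:entry>
 </dsml:directory-entries>
</dsml:dsml>
"""

# Hypothetical permission assignment kept by the Web application.
ROLE_PERMISSIONS = {
    "clerk": {("read", "orders.xml"), ("write", "orders.xml")},
    "auditor": {("read", "audit.xml")},
}

def pull_roles(dsml_text, user_dn):
    """Return the role names listed on the entry whose dn equals user_dn."""
    root = ET.fromstring(dsml_text)
    roles = set()
    for entry in root.iterfind(".//dsml:entry", NS):
        if entry.get("dn") != user_dn:  # exact match; no DN normalization
            continue
        for attr in entry.iterfind("dsml:attr", NS):
            if attr.get("name", "").lower() == ROLE_ATTR:
                roles |= {v.text.strip() for v in attr.iterfind("dsml:value", NS)
                          if v.text and v.text.strip()}
    return roles

def is_authorized(dsml_text, user_dn, operation, resource):
    """Default deny: unknown users and roles without permissions get nothing."""
    roles = pull_roles(dsml_text, user_dn)
    return any((operation, resource) in ROLE_PERMISSIONS.get(r, set()) for r in roles)
```

The user never presents role data; only the DN comes from the authenticated session, so a client cannot claim roles the directory does not list.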