Role-based privilege management using attribute certificates and delegation

Gail-Joon Ahn, Dongwan Shin, Longhua Zhang

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

The Internet provides tremendous connectivity and immense information sharing capability which the organizations can use for their competitive advantage. However, we still observe security challenges in Internet-based applications that demand a unified mechanism for both managing the authentication of users across enterprises and implementing business rules for determining user access to enterprise applications and their resources. These business rules are utilized for privilege management or authorization in a security context. In this paper, we design a role-based privilege management leveraging access control models and X.509 attribute certificate. We attempt to develop an easy-to-use, flexible, and interoperable authorization mechanism. Also, we demonstrate the feasibility of our architecture by providing the proof-of-concept prototype implementation using commercial off-the-shelf technologies.

Original language: English (US)
Pages (from-to): 100-109
Number of pages: 10
Journal: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3184
State: Published - 2004
Externally published: Yes

Fingerprint

Business Rules
Delegation
Authorization
Certificate
Internet
Attribute
Information Dissemination
Information Sharing
Access Control
Authentication
Industry
Connectivity
Prototype
Technology
Resources
Demonstrate
Model
Concepts
Architecture

ASJC Scopus subject areas

  • Computer Science (all)
  • Biochemistry, Genetics and Molecular Biology (all)
  • Theoretical Computer Science

Cite this

@article{80756b6a067b43dba58cd254fb61ef7e,
title = "Role-based privilege management using attribute certificates and delegation",
abstract = "The Internet provides tremendous connectivity and immense information sharing capability which the organizations can use for their competitive advantage. However, we still observe security challenges in Internet-based applications that demand a unified mechanism for both managing the authentication of users across enterprises and implementing business rules for determining user access to enterprise applications and their resources. These business rules are utilized for privilege management or authorization in a security context. In this paper, we design a role-based privilege management leveraging access control models and X.509 attribute certificate. We attempt to develop an easy-to-use, flexible, and interoperable authorization mechanism. Also, we demonstrate the feasibility of our architecture by providing the proof-of-concept prototype implementation using commercial off-the-shelf technologies.",
author = "Gail-Joon Ahn and Dongwan Shin and Longhua Zhang",
year = "2004",
language = "English (US)",
volume = "3184",
pages = "100--109",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - Role-based privilege management using attribute certificates and delegation

AU - Ahn, Gail-Joon

AU - Shin, Dongwan

AU - Zhang, Longhua

PY - 2004

Y1 - 2004

AB - The Internet provides tremendous connectivity and immense information sharing capability which the organizations can use for their competitive advantage. However, we still observe security challenges in Internet-based applications that demand a unified mechanism for both managing the authentication of users across enterprises and implementing business rules for determining user access to enterprise applications and their resources. These business rules are utilized for privilege management or authorization in a security context. In this paper, we design a role-based privilege management leveraging access control models and X.509 attribute certificate. We attempt to develop an easy-to-use, flexible, and interoperable authorization mechanism. Also, we demonstrate the feasibility of our architecture by providing the proof-of-concept prototype implementation using commercial off-the-shelf technologies.

UR - http://www.scopus.com/inward/record.url?scp=35048898774&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35048898774&partnerID=8YFLogxK

M3 - Article

VL - 3184

SP - 100

EP - 109

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -