Role-based privilege management using attribute certificates and delegation

Gail Joon Ahn; Dongwan Shin; Longhua Zhang

Role-based privilege management using attribute certificates and delegation

Gail Joon Ahn, Dongwan Shin, Longhua Zhang

Research output: Contribution to journal › Article › peer-review

Abstract

The Internet provides tremendous connectivity and immense information sharing capability which the organizations can use for their competitive advantage. However, we still observe security challenges in Internet-based applications that demand a unified mechanism for both managing the authentication of users across enterprises and implementing business rules for determining user access to enterprise applications and their resources. These business rules are utilized for privilege management or authorization in a security context. In this paper, we design a role-based privilege management leveraging access control models and X.509 attribute certificate. We attempt to develop an easy-to-use, flexible, and interoperable authorization mechanism. Also, we demonstrate the feasibility of our architecture by providing the proof-of-concept prototype implementation using commercial off-the-shelf technologies.

Original language	English (US)
Pages (from-to)	100-109
Number of pages	10
Journal	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3184
State	Published - Dec 1 2004
Externally published	Yes

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Cite this

@article{80756b6a067b43dba58cd254fb61ef7e,

title = "Role-based privilege management using attribute certificates and delegation",

abstract = "The Internet provides tremendous connectivity and immense information sharing capability which the organizations can use for their competitive advantage. However, we still observe security challenges in Internet-based applications that demand a unified mechanism for both managing the authentication of users across enterprises and implementing business rules for determining user access to enterprise applications and their resources. These business rules are utilized for privilege management or authorization in a security context. In this paper, we design a role-based privilege management leveraging access control models and X.509 attribute certificate. We attempt to develop an easy-to-use, flexible, and interoperable authorization mechanism. Also, we demonstrate the feasibility of our architecture by providing the proof-of-concept prototype implementation using commercial off-the-shelf technologies.",

author = "Ahn, {Gail Joon} and Dongwan Shin and Longhua Zhang",

year = "2004",

month = dec,

day = "1",

language = "English (US)",

volume = "3184",

pages = "100--109",

journal = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

issn = "0302-9743",

publisher = "Springer Verlag",

}

TY - JOUR

T1 - Role-based privilege management using attribute certificates and delegation

AU - Ahn, Gail Joon

AU - Shin, Dongwan

AU - Zhang, Longhua

PY - 2004/12/1

Y1 - 2004/12/1

N2 - The Internet provides tremendous connectivity and immense information sharing capability which the organizations can use for their competitive advantage. However, we still observe security challenges in Internet-based applications that demand a unified mechanism for both managing the authentication of users across enterprises and implementing business rules for determining user access to enterprise applications and their resources. These business rules are utilized for privilege management or authorization in a security context. In this paper, we design a role-based privilege management leveraging access control models and X.509 attribute certificate. We attempt to develop an easy-to-use, flexible, and interoperable authorization mechanism. Also, we demonstrate the feasibility of our architecture by providing the proof-of-concept prototype implementation using commercial off-the-shelf technologies.

AB - The Internet provides tremendous connectivity and immense information sharing capability which the organizations can use for their competitive advantage. However, we still observe security challenges in Internet-based applications that demand a unified mechanism for both managing the authentication of users across enterprises and implementing business rules for determining user access to enterprise applications and their resources. These business rules are utilized for privilege management or authorization in a security context. In this paper, we design a role-based privilege management leveraging access control models and X.509 attribute certificate. We attempt to develop an easy-to-use, flexible, and interoperable authorization mechanism. Also, we demonstrate the feasibility of our architecture by providing the proof-of-concept prototype implementation using commercial off-the-shelf technologies.

UR - http://www.scopus.com/inward/record.url?scp=35048898774&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35048898774&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:35048898774

SN - 0302-9743

VL - 3184

SP - 100

EP - 109

JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -

Role-based privilege management using attribute certificates and delegation

Abstract

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this