A policy-based access control mechanism for the corporate Web

Author

Ungureanu, Victoria ; Vesuma, F. ; Minsky, Naftaly H.

Author_Institution

MSIS Dept., Rutgers Univ., Newark, NJ, USA

fYear

2000

fDate

36861

Firstpage

150

Lastpage

158

Abstract

Current Web technologies use access control lists (ACLs) for enforcing regulations and practices governing businesses today. Having the policy hard-coded into ACLs causes management and security problems which have sofar prevented intranets from achieving their full potential. This paper is about a concrete design of a mechanism that supports policies for regulating access to information via corporate intranet. This mechanism makes a strict separation between the formal statement of a policy, and its enforcement, the latter being carried out by generic policy engines. The proposed mechanism is easy to deploy, requiring no modifications of current Web servers. We provide some preliminary performance results that show that the mechanism is quite affordable, even in its present, experimental stage

Keywords

authorisation; business data processing; intranets; access control lists; corporate Web; corporate intranet; formal statement; intranets; management problems; policy engines; policy-based access control mechanism; security problems; Access control; Computer science; Computer security; Concrete; Information security; Technology management; Web pages; Web server; Web sites; World Wide Web;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference

Conference_Location

New Orleans, LA

Print_ISBN

0-7695-0859-6

Type

conf

DOI

10.1109/ACSAC.2000.898868

Filename

898868