• DocumentCode
    2416067
  • Title

    Usable access control for the World Wide Web

  • Author

    Balfanz, Dirk

  • Author_Institution
    Palo Alto Res. Center, CA, USA
  • fYear
    2003
  • fDate
    8-12 Dec. 2003
  • Firstpage
    406
  • Lastpage
    415
  • Abstract
    While publishing content on the World Wide Web has moved within reach of the nontechnical mainstream, controlling access to published content still requires expertise in Web server configuration, public-key certification, and a variety of access control mechanisms. Lack of such expertise results in unnecessary exposure of content published by nonexperts, or forces cautious nonexperts to leave their content off-line. Recent research has focused on making access control systems more flexible and powerful, but not on making them easier to use. We propose a usable access control system for the World Wide Web, i.e., a system that is easy to use both for content providers (who want to protect their content from unauthorized access) and (authorized) content consumers (who want hassle-free access to such protected content). Our system is constructed with judicious use of conventional building blocks, such as access control lists and public-key certificates. We point out peculiarities in existing software that make it unnecessarily hard to achieve our goal of usable access control, and assess the security provided by our usable system.
  • Keywords
    Internet; authorisation; public key cryptography; Web server configuration; World Wide Web; access control mechanism; authorisation; content publishing; usable system; Access control; Application software; Certification; Portals; Power system protection; Public key; Publishing; Web and internet services; Web server; Web sites;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2003. Proceedings. 19th Annual
  • Print_ISBN
    0-7695-2041-3
  • Type

    conf

  • DOI
    10.1109/CSAC.2003.1254345
  • Filename
    1254345