NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Role-Based Access Control for the Web

Published

Author(s)

John Barkley, David R. Kuhn, Lynne S. Rosenthal, Mark Skall, Anthony V. Cincotta

Abstract

Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on their profitability. Enabling customers to answer their own questions by clicking their way through Web pages, instead of dealing with operators and voice response systems, increases the efficiency of the customer interface. One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that are attempting to manage security in distributed multimedia environments such as those using World Wide Web services. Today, security administration is costly and prone to error because administrators usually specify access control lists for each user on the system individually. Role-based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the complexity and cost of security administration in large networked applications. The concept and design of RBAC is perfectly suited for use on both intranets and internets. It provides a secure and effective way to manage access to an organization's Web information. This paper describes a research effort to develop RBAC on the Web. The security and software components that provide RBAC for networked servers using Web protocols have been implemented and are described in this paper. The RBAC components can be linked with commercially available web servers, and require no modification of the server software.
Proceedings Title
CALS Expo International and 21st Century Commerce 1998: Global Business Solutions for the New Millennium
Conference Dates
October 26-29, 1998
Conference Location
Long Beach, CA
Pub Type
Conferences

Download Paper

Local Download

Keywords

access control, RBAC, Role-Based Access Control, World Wide Web
Cybersecurity and privacy

Citation

Barkley, J. , Kuhn, D. , Rosenthal, L. , Skall, M. and Cincotta, A. (1998), Role-Based Access Control for the Web, CALS Expo International and 21st Century Commerce 1998: Global Business Solutions for the New Millennium, Long Beach, CA, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916554 (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created October 29, 1998, Updated February 19, 2017
Was this page helpful?