Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Role-Based Access Control for the Web



John Barkley, David R. Kuhn, Lynne S. Rosenthal, Mark Skall, Anthony V. Cincotta


Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on their profitability. Enabling customers to answer their own questions by clicking their way through Web pages, instead of dealing with operators and voice response systems, increases the efficiency of the customer interface. One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that are attempting to manage security in distributed multimedia environments such as those using World Wide Web services. Today, security administration is costly and prone to error because administrators usually specify access control lists for each user on the system individually. Role-based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the complexity and cost of security administration in large networked applications. The concept and design of RBAC is perfectly suited for use on both intranets and internets. It provides a secure and effective way to manage access to an organization's Web information. This paper describes a research effort to develop RBAC on the Web. The security and software components that provide RBAC for networked servers using Web protocols have been implemented and are described in this paper. The RBAC components can be linked with commercially available web servers, and require no modification of the server software.
Proceedings Title
CALS Expo International and 21st Century Commerce 1998: Global Business Solutions for the New Millennium
Conference Dates
October 26-29, 1998
Conference Location
Long Beach, CA


access control, RBAC, Role-Based Access Control, World Wide Web


Barkley, J. , Kuhn, D. , Rosenthal, L. , Skall, M. and Cincotta, A. (1998), Role-Based Access Control for the Web, CALS Expo International and 21st Century Commerce 1998: Global Business Solutions for the New Millennium, Long Beach, CA, [online], (Accessed June 23, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created October 29, 1998, Updated February 19, 2017