John Barkley, Anthony V. Cincotta, David F. Ferraiolo, Serban I. Gavrila, David R. Kuhn
One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that AWeb (WWW) servers. Today, security administration is costly and prone to error because administrators usually specify access control lists for each user on the system individually. Role based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the complexity and cost of security administration in large networked applications. This paper describes software components that provide RBAC for networked servers using WWW protocols. The RBAC components can be linked with commercially available web servers, and require no modification of the server software.
Proceedings of the 20th National Information Systems Security Conference (NISSC '97)
October 7-10, 1997
20th National Information Systems Security Conference (NISSC '97)
, Cincotta, A.
, Ferraiolo, D.
, Gavrila, S.
and Kuhn, D.
Role Based Access Control for the World Wide Web, Proceedings of the 20th National Information Systems Security Conference (NISSC '97), Baltimore, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916553
(Accessed December 2, 2023)