The Center for Education and Research in Information Assurance and Security (CERIAS)

Trustworthiness Based Authorization on WWW

Author

Yuhui Zhong, Bharat Bhargava, and Malika Mahoui

Tech report number

CERIAS TR 2002-08

Entry type

inproceedings

Abstract

Current approaches for authorization on Web servers are mostly based on a predefined set of users or domains. They are not suitable for Internet Web sites where the user set is unbounded and authorized users can be non-predefined. We propose an authorization approach that applies role-based access control (RBAC) to WWW. Under this approach, system administrators predefine roles, role-permission relations, and the policies that assign roles to users (user-role assignment policy). The system automatically collects trustworthy information (valid evidence) and assigns roles to Internet users according to user-role assignment policies. Trustworthiness information plays an important role in user-role assignment. The validity of evidence is assessed based on the trustworthiness information of the evidence provider. In addition, system administrators can specify the trustworthiness constraints that users have to satisfy for holding roles. In this paper, the schema of using RBAC on the Web and the procedure of user-role assignment are presented. The classification and evaluation of trustworthiness are discussed.

Institution

CERIAS and Department of Computer Science, Purdue University

Note

Published in IEEE workshop on "Reliable and Secure Application in Mobile Environment", New Orleans, Oct. 2001

Publication Date

1900-01-01
