Design and Implementation of Role-Based Access Control on the Web
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: | 2000 |
Online Access: | http://ndltd.ncl.edu.tw/handle/58713594763993352940 |
Summary: | Master's === National Taiwan University === Graduate Institute of Computer Science and Information Engineering === 88 === Large companies provide Web-based services to their external and internal clients, who can access information in a uniform manner. The WWW has become a standard user interface and plays a key role in e-commerce and information management. However, security problems, including unauthorized access, are becoming more and more serious, especially in a dynamic and complex Web environment. The current approach to access control is the “Access Control List (ACL)”, which is costly and prone to error. Recently there has been much research on “Role-Based Access Control (RBAC)”, a promising technology for reducing the cost and complexity of security administration. This thesis describes two models for implementing RBAC on the Web. The basic model adds the RBAC capability to a Web server. The advanced model is a firewall architecture and supports RBAC on a Web proxy. Both models are compatible with current Web standards and place no requirements on Web browsers. In addition, the design relies on off-the-shelf components, so the implementation is very easy. |