Design and Implementation of Role-Based Access Control on the Web

• Main Authors: Jau-Hao Tseng, 曾俊豪
• Other Authors: Jau-Hsiung Huang
• Format: Others
• Language: zh-TW
• Published: 2000
• Online Access: http://ndltd.ncl.edu.tw/handle/58713594763993352940

碩士 === 國立臺灣大學 === 資訊工程學研究所 === 88 === Huge companies provide Web-based services to their external and internal clients who can access information in a uniform manner. WWW becomes a standard user interface and plays a key role in e-commerce and information management. However, the security problems are more and more serious, including unauthorized access especially in a dynamic and complex Web environment. The current approach to access control is “Access Control List (ACL)” that is costly and prone to error. Recently there is much research on “Role-Based Access Control (RBAC)” that is a promising technology for reducing cost and complexity of security administration. This thesis describes two models to implement RBAC on the Web. The basic model adds the RBAC capability to a Web server. The advanced model is firewall architecture and supports RBAC on a Web proxy. Two models are compatible to current Web standards and place no requirements on Web browsers. Besides, the design relies on off-the-shelf components so the implementation is very easy.