Distributed RBAC for subscription-based remote network services

By Mingchao Ma

Abstract

The problems of identity management inherent in distributed subscription-based resource sharing are investigated in this thesis. The thesis introduces a concept of authentication delegation and distributed RBAC (DRBAC) to support fine-grained access control across multiple autonomous resource sites and subscribing sites. The DRBAC model extends the RBAC model to a distributed environment. A prototype system based on the concepts of authentication delegation and distributed role and the distributed RBAC model has been implemented and tested. Access is allowed based on the distributed roles, subject to certain constraints. Enforcing distributed role-based access control policies allows organizations to ease the administrative overhead in a distributed environment.

This thesis concentrates on both theoretical and practical aspects. It describes the design, implementation and performance of a prototype system that provides controlled access to subscription-based remote network services through a web browser. The prototype system is developed using Java technology and runs on a Tomcat web server. A third-party authentication protocol is designed and employed to exchange security assertions among involved parties. An XML-based policy language has been employed in the system for authorization decisions. Public key cryptography and XML security technology are used to ensure the confidentiality and integrity of the system and interaction among the involved parties. The web servers use plug-ins to provide an authentication-delegation service and a policy-based authorization service. Users can use a single userID and password to access multiple subscribed resource sites.

Topics: QA, TK
Publisher: University of Greenwich
Year: 2007
OAI identifier: oai:gala.gre.ac.uk:6232