Sciweavers

ACSAC
2000
IEEE

A Policy-based Access Control Mechanism for the Corporate Web

13 years 7 months ago
A Policy-based Access Control Mechanism for the Corporate Web
Current Web technologies use access control lists (ACLs) for enforcing regulations and practices governing businesses today. Having the policy hard-coded into ACLs causes management and security problems which have prevented so far Intranets to achieve their full potential. This paper is about a concrete design of a mechanism that supports policies for regulating access to information via corporate Intranet. This mechanism makes a strict separation between the formal statement of a policy, and its enforcement, the latter being carried out by generic policy engines. The proposed mechanism is easy to deploy, requiring no modifications of current web servers. We provide some preliminary performance results that show that the mechanism is quite affordable, even in its present, experimental stage.
Victoria Ungureanu, F. Vesuna, Naftaly H. Minsky
Added 30 Jul 2010
Updated 30 Jul 2010
Type Conference
Year 2000
Where ACSAC
Authors Victoria Ungureanu, F. Vesuna, Naftaly H. Minsky
Comments (0)