Providing X.509-based User Access Control to Web Servers
Authors
Abstract
This paper describes an access control model based on X.509v3 certificates for user authorization on HTTP servers secured by SSL. The authorization model presented is based on the concept of authentication roles, which are the handlers that identify a single certificate (or a group of them) inside the access control list (ACL). The separation between authentication (role mapping) and authorization makes it simple to write ACLs, and at the same time provides enough flexibility to filter authorized certificates. The authorization model is presented, critically analyzed, and compared with the basic HTTP authentication scheme. Finally, the implementation of this authorization model is given. It has been developed as a module for the Apache-SSL HTTP server, the SSL version of the most widely used WWW server on Unix platforms.
Similar resources
Web Anomaly Detection by Building Access Usage Profiles
Due to the increase in cyber-attacks, the need for web server attack detection techniques has drawn attention today. Unfortunately, many available security solutions are inefficient in identifying web-based attacks. The main aim of this study is to detect abnormal web navigations based on web usage profiles. In this paper, comparing scrolling behavior of a normal user with an attacker, and simu...
Smart Certificates: Extending X.509 for Secure Attribute Services on the Web Joon
An attribute is a particular property of an entity, such as a role, access identity, group, or clearance. If attributes are provided integrity, authentication, and confidentiality, Web servers can then trust these secure attributes and use them for many purposes, such as access control, authorization, authentication, and electronic transactions. In this paper, we present a comprehensive approach...
Smart Certificates: Extending X.509 for Secure Attribute Services on the Web
An attribute is a particular property of an entity, such as a role, access identity, group, or clearance. If attributes are provided integrity, authentication, and confidentiality, Web servers can then trust these secure attributes and use them for many purposes, such as access control, authorization, authentication, and electronic transactions. In this paper, we present a comprehensive approach...
A Secure Key Registration System based on Proactive Secret-Sharing Scheme
We designed a secure key registration system based on the proactive secret-sharing scheme. A user can register important data such as a session key to a distributed system in a (t, n)-threshold scheme, which means that the data can be recovered if t servers cooperate (in other words, that the data cannot be revealed unless t servers collude). The proactive scheme provides stronger security agai...
RBAC on the Web by Smart Certificates Joon
We have described in another paper how to develop and use smart certificates by extending X.509 with several sophisticated features for secure attribute services on the Web. In this paper, we describe an implementation of RBAC (Role-Based Access Control) with role hierarchies on the Web as one possible application of smart certificates. To support RBAC, we issued smart certificates, which hold the ...