Specifying and Managing Role-Based Access Control Within a Corporate Intranet

Ferraiolo, David; Barkley, John

doi:https://doi.org/10.1145/266741.266761

Conference Proceedings

Specifying and Managing Role-Based Access Control Within a Corporate Intranet

Documentation

Published: November 07, 1997

Author(s)

David Ferraiolo, John Barkley

Conference

Name: Second ACM Workshop on Role-Based Access Control (RBAC '97)
Dates: November 6-7, 1997
Location: Fairfax, Virginia, United States
Citation: Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC '97), pp. 77-82

Announcement

Abstract

In order for intranets to reach their full potential, access control and authorization management mechanisms must be in place that can regulate user access to information in a manner that is consistent with the current set of laws, regulations, and practices that face businesses today. The purpose of RBAC on the Web would be to provide this access control service, thereby enabling the use of the Web for new and more sophisticated applications -- to allow access to information and other resources that would otherwise not be possible given the existing lack of operational assurance. This paper describes an approach at providing these assurances through the use of RBAC for networked Web servers.

Keywords

access control; intranets; RBAC; Role-Based Access Control; World Wide Web; Web servers

Control Families

None selected

Documentation

Publication:
Conference Proceedings (DOI)

Supplemental Material:
None available

Document History:
11/07/97: Conference Proceedings (Final)