By Topic

An abstract authorization system for the Internet

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Fernandez, E.B. ; Dept. of Comput. Sci. & Eng., Florida Atlantic Univ., Boca Raton, FL, USA ; Nair, K.R.

Most of the work on Internet security focuses on cryptographic approaches. While valuable, this is not a feasible way to control access to documents. Cryptography can only control secrecy and authentication aspects, but cannot handle different types of access by different users, access to portions of documents, and other content restrictions. A higher-level approach is needed. We present here an authorization model for hypertext documents based on the access matrix. We classify different types of documents, we model these using object-oriented approaches, and we define access policies that specify access to those types of documents. Authorization restrictions can be superimposed on the document class model and on its dynamic model. These authorizations are based on a mandatory version of the access matrix, implementing role-based access control. We consider possible implementation architectures, involving servers and databases

Published in:

Database and Expert Systems Applications, 1998. Proceedings. Ninth International Workshop on

Date of Conference:

25-28 Aug 1998