Skip navigation

Distributed RBAC for subscription-based remote network services

Distributed RBAC for subscription-based remote network services

Ma, Mingchao (2007) Distributed RBAC for subscription-based remote network services. PhD thesis, University of Greenwich.

Full text not available from this repository.

Abstract

The problems of identity management inherent in distributed subscription-based resource sharing are investigated in this thesis. The thesis introduces a concept of authentication delegation and distributed RBAC (DRBAC) to support fine granular access control across multiple autonomous resource sites and subscribing sites. The DRBAC model extends the RBAC model to a distributed environment. A prototype system based on the concepts of authentication delegation and distributed role and the distributed RBAC model has been implemented and tested. Access is allowed based on the distributed roles, subject to certain constraints. Enforcing distributed role based access control policies allows organizations to ease the administrative overhead in a distributed environment.

This thesis concentrates on both theoretical and practical aspects. It describes the design, implementation and performance of a prototype system that provides controlled access to subscription-based remote network services through a web browser. The prototype system is developed using Java technology and runs on a Tomcat web server. A third-party authentication protocol is designed and employed to exchange security assertions among involved parties. An XML-based policy language has been employed in the system for authorization decision. Public key cryptography and XML security technology are used to ensure the confidentiality and integrity of the system and interaction among the involved parties. The web servers use plug-ins to provide an authentication-delegation service and a policy-based authorization service. Users can use a single userID and password to access multiple subscribed resource sites.

Item Type: Thesis (PhD)
Uncontrolled Keywords: distributed role-based access control, DRBAC, identity management, authentication systems, computer networks, security, remote networks,
Subjects: Q Science > QA Mathematics
T Technology > TK Electrical engineering. Electronics Nuclear engineering
Pre-2014 Departments: School of Engineering
School of Engineering > Department of Engineering Systems
Last Modified: 14 Oct 2016 09:16
URI: http://gala.gre.ac.uk/id/eprint/6232

Actions (login required)

View Item View Item