Design and implementation of a flexible RBAC-service in an object-oriented scripting language

5 November 2001

proceedings article
Published by Association for Computing Machinery (ACM)

p. 58-67
https://doi.org/10.1145/501983.501992

Abstract

In this paper we present the design and implementation of the xorbac component that provides a flexible RBAC service. The xorbac, implementation conforms to level 4a of the unified NIST model for RBAC and can be reused for arbitrary applications on Unix or Windows with a C or Tcl linkage. xorbac runtime elements can be serialized and recreated from RDF data models conforming to a well-defined RDF schema. Furthermore we present our experiences with xorbac for the deployment within the HTTP environment for a web-based mobile code system.

Keywords

This publication has 20 references indexed in Scilit:

Access control and session management in the HTTP environment
IEEE Internet Computing, 2001
Role-based authorization constraints specification
ACM Transactions on Information and System Security, 2000
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security, 2000
Towards the usage of dynamic object aggregations as a foundation for composition
Published by Association for Computing Machinery (ACM) ,2000
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security, 1999
Scripting: higher level programming for the 21st Century
Computer, 1998
A role-based access control for intranet security
IEEE Internet Computing, 1997
Extending object-oriented systems with roles
ACM Transactions on Information Systems, 1996
Role-based access control models
Computer, 1996
Common Lisp Object System specification
ACM SIGPLAN Notices, 1988