http://dx.doi.org/10.7472/jksii.2018.19.2.27

A Role-Based Access Control System API Supporting External Authority Interface  

Ma, Jin (Dept. of Super Computing, KISTI)
Kim, Hyunah (Dept. of Computer Science, Kyonggi University)
Park, Minjae (Dept. of Computer Software, Daelim University)
Publication Information
Journal of Internet Computing and Services, v.19, no.2, 2018, pp. 27-32
Abstract
In industries that operate many enterprise systems, new systems are integrated and operated as they are introduced over time. When a new system is integrated, one of the major considerations is single sign-on, which unifies authentication across the systems. To implement the corresponding authority system with a role-based access control method, the access control method itself must be extended. Therefore, in this paper, we design an extended role-based access control model for interworking with a legacy authority system and provide its APIs. The extended role-based access control model adds external authority information, that is, the authority information held by the external authority system, to the role-based model. We then describe the operations of the REST Web APIs that are based on this model. The method is described in terms of back-end APIs, and an extended role-based access control system can be implemented as an operation of those APIs.
Keywords
Role-Based Access Control; External Interface; Web API; Restful API;
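The abstract describes an RBAC model extended with authority information pulled from a legacy (external) authority system and exposed through REST-style back-end APIs. The following Python sketch is an added illustration of that idea, not the paper's own code or API: it assumes a hypothetical `ExternalAuthority` interface returning a user's roles from the legacy system, an explicit allowlist mapping external role names onto local roles, and a small `authorize_request` helper that maps HTTP methods onto permission strings. All names and sample data are constructed for the example.

```python
"""Extended RBAC with an external authority interface (illustrative, not the paper's API)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Protocol


class ExternalAuthority(Protocol):
    """Hypothetical interface a legacy authority system is adapted to."""

    def roles_for(self, user: str) -> set[str]: ...


class LegacyDirectory:
    """Constructed stand-in for a legacy authority system (in-memory table)."""

    def __init__(self, table: dict[str, set[str]]):
        self._table = table

    def roles_for(self, user: str) -> set[str]:
        return set(self._table.get(user, set()))


class UnavailableAuthority:
    """Constructed stand-in for an external authority system that is down."""

    def roles_for(self, user: str) -> set[str]:
        raise ConnectionError("external authority unreachable")


@dataclass
class ExtendedRBAC:
    # local role -> permissions, e.g. {"editor": {"read:project", "update:project"}}
    role_permissions: dict[str, set[str]]
    # user -> locally assigned roles
    local_assignments: dict[str, set[str]]
    # optional adapter to the legacy authority system
    external: ExternalAuthority | None = None
    # allowlist: external role name -> local role; unmapped external roles grant nothing
    external_role_map: dict[str, str] = field(default_factory=dict)
    audit: list[str] = field(default_factory=list)

    def effective_roles(self, user: str) -> set[str]:
        """Union of local roles and mapped external roles; fails closed on lookup errors."""
        roles = set(self.local_assignments.get(user, set()))
        if self.external is None:
            return roles
        try:
            ext_roles = self.external.roles_for(user)
        except Exception as exc:  # external outage: keep local roles only
            self.audit.append(f"external lookup failed for {user}: {exc}")
            return roles
        for ext in ext_roles:
            local = self.external_role_map.get(ext)
            if local is None or local not in self.role_permissions:
                self.audit.append(f"ignored unmapped external role {ext!r} for {user}")
                continue
            roles.add(local)
        return roles

    def check_access(self, user: str, permission: str) -> bool:
        """Allow only if some effective role carries the requested permission."""
        allowed = any(
            permission in self.role_permissions.get(r, set())
            for r in self.effective_roles(user)
        )
        self.audit.append(f"{'ALLOW' if allowed else 'DENY'} {user} {permission}")
        return allowed


# Hypothetical mapping from REST verbs to permission actions.
HTTP_TO_ACTION = {"GET": "read", "POST": "create", "PUT": "update", "DELETE": "delete"}


def authorize_request(rbac: ExtendedRBAC, user: str, method: str, resource: str) -> bool:
    """Back-end check for a REST call: unknown verbs are denied outright."""
    action = HTTP_TO_ACTION.get(method.upper())
    if action is None:
        return False
    return rbac.check_access(user, f"{action}:{resource}")


def build_demo() -> ExtendedRBAC:
    """Constructed sample policy: alice is a local viewer and a legacy editor."""
    return ExtendedRBAC(
        role_permissions={
            "viewer": {"read:project"},
            "editor": {"read:project", "update:project"},
            "admin": {"create:project", "read:project", "update:project", "delete:project"},
        },
        local_assignments={"alice": {"viewer"}},
        external=LegacyDirectory({"alice": {"LEGACY_EDITOR"}, "bob": {"LEGACY_ROOT"}}),
        external_role_map={"LEGACY_EDITOR": "editor"},
    )


if __name__ == "__main__":
    rbac = build_demo()
    print(authorize_request(rbac, "alice", "PUT", "project"))  # True via mapped external role
    print(authorize_request(rbac, "bob", "GET", "project"))    # False: LEGACY_ROOT is not mapped
```

Two design choices carry the security weight: external roles are honored only through an explicit allowlist, so a legacy system cannot mint a local `admin` by returning an arbitrary role name, and a failed external lookup degrades to local roles only rather than to open access, with the event recorded in the audit list.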