• Title/Summary/Keyword: 접근

Management of the Access Control for a WebDAV-based Collaborative System (웹데브 기반 협업시스템에서의 접근 제어 관리)

  • Kim, Seong-Hune;Lee, Hong-Chang;Lee, Myung-Joon;Park, Yang-Su
    • Journal of Internet Computing and Services / v.11 no.1 / pp.167-181 / 2010
  • WebDAV is an IETF standard protocol which supports asynchronous collaborative authoring on the Web. The WebDAV Access Control Protocol provides various methods of controlling the resources on a WebDAV server and their properties, helping high-level group activities to be performed through the WebDAV server. In this paper, to provide high level collaboration, we introduce a technique for managing access control over WebDAV resources through the WebDAV Access Control Protocol and describe the development of an access control manager for the CoSlide Collaborative system based on the technique. To provide users with the access control features in an easily understandable manner, the developed technique presents the privileges for performing WebDAV methods instead of the standard privileges in the WebDAV Access Control Protocol. In addition, we present the facility for detecting conflicts between new access privileges on resources and old access privileges on them. We applied the method-based access control management technique to the CoSlide collaborative system. The developed access control manager enables us to create group workspaces with flexible access control strategies for group members and resources.

A Role-Based Access Control Model ensuring Confidentiality and Integrity (비밀성과 무결성을 보장하는 역할기반 접근제어모델)

  • Byun Chang-Woo;Park Seog
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.3 / pp.13-29 / 2005
  • An important characteristic of the role-based access control (RBAC) model is that by itself it is policy neutral. This means RBAC articulates security policy without embodying a particular security policy. For this reason, there are several studies that configure RBAC to enforce traditional mandatory access control (MAC) policy and discretionary access control (DAC) policy. Specifically, to simulate MAC using RBAC, several studies configure a few RBAC components (user, role, role-hierarchy, user-role assignment and session) to keep the no-read-up rule and the no-write-down rule, ensuring one-direction information flow from low security level to high security level. We show these studies do not ensure confidentiality. In addition, we show that these studies overlook violation of integrity due to some constraints of keeping confidentiality. In this paper we propose an RBAC model satisfying both confidentiality and integrity. We reexamine a few RBAC components and construct additional constraints.

A Study on Current State of Web Content Accessibility on General Hospital Websites in Korea (국내 종합병원의 웹 접근성 실태에 관한 연구)

  • Kim, Yong-Seob;Oh, Kun-Seok
    • Journal of Internet Computing and Services / v.11 no.3 / pp.87-103 / 2010
  • In the study, we introduce the trend in domestic and foreign web accessibility, as well as the legal system that ensures web accessibility. Based on Korean Web Content Accessibility Guidelines (KWCAG)1.0, we investigated the web content accessibility of 80 tertiary health-care hospitals and general hospitals in Korea. We evaluated accessibility by combining accessibility-based criteria (ABC) with usability-based criteria (UBC). ABC was limited to an alternative text for Guideline 1, using a small number of frames and keyboard accessibility for Guideline 2. UBC checked the voice service (TTS), resizing text, providing multi-lingual websites, and disclosing web accessibility policy. KADO-WAH2.0 was used for representing the compliance rate. The evaluation result was a considerable improvement from previous results, even though the rate of compliance with web accessibility was generally insufficient. There was a significant difference between those medical centers which did and did not comply with web accessibility. Incidentally, many hospitals were found to have attempted to confront and come to terms with web accessibility. In future, the following factors are advisable for medical centers with publicity or public interest: they must employ active and aggressive promotion of establishment of independent accessibility guidelines to secure web accessibility, they should effect an improvement of the realization of web accessibility, there can be constant education and promotion, and there can be an institutional supplementation, as well as others.

Web accessibility Education Trends and Discussion to Vitalize a Web accessibility Education (웹 접근성의 교육현황 및 활성화를 위한 제언)

  • Hong, Soon-Goo;Kang, Young-Moo;Lee, Hyun-Mi;Cha, Yoon-Sook
    • Journal of Korea Society of Industrial Information Systems / v.16 no.3 / pp.73-87 / 2011
  • The development of the web has made our life more convenient than ever before; however, the elderly and disabled people have not had the advantage of it. Due to the "Anti-Discrimination against and Remedies for Persons with Disabilities Act" enacted in 2008, web accessibility education has become important, but education on web accessibility has not been actively implemented yet. Thus, in this paper the trends of web accessibility education in both domestic government agencies and private organizations are reviewed. In addition, its trends in foreign government agencies, private organizations, and institutions of universities are summarized. To achieve this research goal, a literature review was carried out and data collected from both domestic and foreign countries were compared. Based on the review, the way to vitalize web accessibility education in Korea is discussed. The contribution of this paper is that web accessibility education of domestic and foreign institutions is compared for the first time and thereby the implications for activating web accessibility education are suggested.

Analysis of Perception on the Web Accessibility Education for Information Teachers of Vocational High Schools (국내 전문계 고등학교 정보교사의 웹 접근성 교육에 대한 인식 분석)

  • Kang, Young-Moo;Hong, Soon-Goo;Park, Seong-Je;Lee, Hyun-Mi
    • The Journal of Korean Association of Computer Education / v.13 no.5 / pp.39-49 / 2010
  • Web accessibility is becoming important due to a legal obligation to comply with web accessibility. However, there are few educational programs developed on web accessibility for vocational high schools in Korea. In this study, to explore the future possibilities of a web accessibility curriculum, a survey of information teachers of 97 vocational high schools was conducted along with a review of the curriculums of the domestic and foreign web accessibility educational programs. The survey results indicate that (1) the information teachers have only basic conceptual understanding of web accessibility and (2) they have little intention of teaching web accessibility at their vocational high schools due to current educational conditions and the lack of web accessibility knowledge. The results of this study could be employed as references for the web and web accessibility educational courses at the vocational high schools.

Multiple User Authentication based on SecuROS/FreeBSD (SecuROS/FreeBSD 기반 다단계 사용자 인증 시스템)

  • Doo, So-Young;Kim, Jong-Nyeo;Kong, Eun-Bae
    • The KIPS Transactions:PartC / v.10C no.1 / pp.11-16 / 2003
  • This paper implements a Multiple User Authentication System, an upgrade of a system that authenticates with a password only. The suggested Multiple User Authentication System uses 4-staged authentication including user ID, password, smart card and access control information, etc. The user authentication system that this paper suggests has been developed based on SecuROS/FreeBSD, in which an access control function is added to the FreeBSD kernel. It provides both the function to limit the access range to the system for each user and the function to check that, when inputting important information, the demand is the one of the system; thus, the reliability is increased. In the SecuROS/FreeBSD system, MAC and RBAC are being used. So, when users access the system, the information about the MAC and RBAC policies to which users would access is used in the authentication. At that time, access to the system is permitted only when the access control information that users demanded satisfies all the access control rules which have been defined in the system.

An Effective Query Rewriting Method in Secure XML Access Control (안전한 XML 접근제어에서 효율적인 질의 재작성 기법)

  • An, Dong-Chan;Byun, Chang-Woo
    • Journal of the Korea Society of Computer and Information / v.11 no.5 s.43 / pp.127-137 / 2006
  • We propose a two-phase filtering scheme to develop an efficient mechanism for XML databases to control query-based access. An access control environment for XML documents and some techniques to deal with fine-grained authorization priorities and conflict resolution issues are proposed. Despite this, relatively little work has been done to enforce access controls particularly for XML databases in the case of query-based access. The basic idea utilized is that a user query interaction with only necessary access control rules is modified to an alternative form through a query optimization technique, which is guaranteed to have no access violations using tree-aware metadata of XML schemas. The scheme can be applied to any XML database management system and has several advantages such as small execution time overhead, fine-grained controls, and safe and correct query modification. The experimental results clearly demonstrate the efficiency of the approach.

Development and Use of Universal Accessibility Guidelines for Contents Developers and Designers (콘텐츠 개발자와 설계자를 위한 보편적 접근성 가이드라인의 개발과 활용)

  • Ahn, Mi-Lee
    • The KIPS Transactions:PartA / v.18A no.1 / pp.33-38 / 2011
  • The purpose of this study is to develop and use the e-learning contents accessibility guidelines to improve contents accessibility for non-technical developers and designers. The accessibility guidelines used for web or digital contents are usually technical, field dependent, or specific, and are not friendly for many developers or designers. In this study, the e-Learning Contents Accessibility Guidelines were developed based on the principles of Universal Design for Learning. The guidelines could be used to map the necessary skills for the developers and the instructional designers. In this study, 5 users with different disabilities tested 6 e-learning contents, and we surveyed e-learning experts to identify core elements for accessibility guidelines. Due to the limited accessibility of the contents, we need to offer manuals and training for developers and designers, need collaborative efforts between different stakeholders, need to include accessibility in quality assurance guidelines, and need further research to improve accessibility for many existing Flash contents.

An User Authorization Mechanism using an Attribute Certificate in the IPSec-VPN System (IPSec-VPN 시스템에서의 속성 인증서를 이용한 사용자 접근 제어 방안)

  • 강명희;유황빈
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.5 / pp.11-21 / 2004
  • To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).

Context Conflicts of Role-Based Access Control in Ubiquitous Computing Environment (유비쿼터스 컴퓨팅 환경의 역할 기반 접근제어에서 발생하는 상황 충돌)

  • Nam Seung-Jwa;Park Seog
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.2 / pp.37-52 / 2005
  • Traditional access control models like the role-based access control model are insufficient for security needs in the ubiquitous computing environment because they take no thought of access control based on the user's context or environment condition. These days, although studies on context-aware access control using the user's context or environment conditions based on role-based access control have emerged, they are at the primary stage. We present context definitions and an access control model to provide more flexible and dynamic context-aware access control based on role-based access control. Specially, we describe the conflict problems that occur in the middle of making an access decision. After classifying the conflict problems, we show some resolutions to solve them. In conclusion, we will lay the foundations of the development of security policy and a model assuring the right user of the right object (or resource) and application service through pre-defined context and context classification in ubiquitous computing environments. Beyond the simplicity of access to objects by authorized users, we assure that the user can access the object, resource, or service anywhere and anytime according to the right context.