Abstract
In enterprise environments, security is becoming increasingly important and costly. Enterprises are struggling to protect a growing number of disparate resources, and a simple patchwork of security controls no longer suffices. Enterprises require a comprehensive solution that provides centralized security management, from authentication to authorization to auditing. To this end, we present the design and implementation of WebDaemon, an integrative security management solution for Web-based enterprise applications. It provides Single Sign-On to multiple Web applications. It also provides restricted access to Web-based content, portals, and Web applications based on Role-Based Access Control (RBAC) policies. WebDaemon can help enterprises secure all Web resources with consistent policy management and reduced administrative costs.
This work was supported partially by NSFC (grant numbers 60373002 and 60496322) and by a NKBRPC (2004CB318000).
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhao, C., Chen, Y., Xu, D., Heilili, N., Lin, Z. (2005). Integrative Security Management for Web-Based Enterprise Applications. In: Fan, W., Wu, Z., Yang, J. (eds) Advances in Web-Age Information Management. WAIM 2005. Lecture Notes in Computer Science, vol 3739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11563952_54
DOI: https://doi.org/10.1007/11563952_54
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29227-2
Online ISBN: 978-3-540-32087-6
eBook Packages: Computer Science (R0)