Integrative Security Management for Web-Based Enterprise Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3739)

Abstract

In enterprise environments, security is becoming increasingly important and costly. Enterprises are struggling to protect an increasing amount of disparate resources. A simple patchwork of security controls no longer suffices. Enterprises require a comprehensive solution that provides centralized security management, from authentication to authorization to auditing. To this end, we present the design and implementation of an integrative security management solution for Web-based enterprise applications, WebDaemon. It provides Single Sign-On to multiple Web applications. It also provides restricted access to Web-based content, portals, and Web applications based on Role-Based Access Control (RBAC) policies. WebDaemon can help enterprises secure all Web resources with consistent policy management and reduced administrative costs.

This work was supported partially by NSFC (grant numbers 60373002 and 60496322) and by a NKBRPC (2004CB318000).

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhao, C., Chen, Y., Xu, D., Heilili, N., Lin, Z. (2005). Integrative Security Management for Web-Based Enterprise Applications. In: Fan, W., Wu, Z., Yang, J. (eds) Advances in Web-Age Information Management. WAIM 2005. Lecture Notes in Computer Science, vol 3739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11563952_54

  • DOI: https://doi.org/10.1007/11563952_54

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29227-2

  • Online ISBN: 978-3-540-32087-6

  • eBook Packages: Computer Science (R0)
