Role-Based Access Control on the Web Using LDAP [chapter]

Joon S. Park, Gail-Joon Ahn, Ravi Sandhu
2002 Database and Application Security XV  
This paper gives a framework for hc;>w to leverage Lightweight Directory Access Protocol (LDAP) to implement Role-based Access Control (RBAC) on the Web in the server-pult architecture. LDAP-based directory services have recently received much attention because they can support object-oriented hierarchies of entries in which we can easily search and modify attributes over TCP/IP. To implement RBAC on the Web, we use an LDAP directory server as a role server that contains users' role
more » ... The role information in the role server is referred to by Web servers for access control purposes through LDAP in a secure manner (over SSL). We provide a comparison of this work to our previous work, RBAC on the Web in the user-pult architecture.
doi:10.1007/978-0-387-35587-0_2 fatcat:f4oryi2ujbgwjbge7gupy6ggfu