Flexible Enterprise Access Control with Object-oriented View Specification

Title
Flexible Enterprise Access Control with Object-oriented View Specification
Publication Date
2003
Author(s)
Evered, Mark Peter
Editor
Editor(s): Chris Johnson, Paul Montague and Chris Steketee
Type of document
Conference Publication
Language
en
Entity Type
Publication
Publisher
Australian Computer Society (ACS)
Place of publication
Darlinghurst, Australia
UNE publication id
une:4792
Abstract
The per-method access control lists of standard middleware technologies allow only simple forms of access control to be expressed and enforced. Given the increasing use of web-based applications involving sensitive data, the increased threat and the stringent requirements of privacy laws, a more flexible and secure approach is needed. In this paper we present a three-step approach to access control involving object-oriented encapsulation, middleware based on a new, more secure access control mechanism and the high-level specification of method oriented views. We demonstrate the use of the approach in a simple web-based E-commerce environment to provide secure electronic cheques.
Link
Citation
ACSW Frontiers 2003: Proceedings of the Australasian Information Security Workshop and the Workshop on Wearable, Invisible, Context-Aware, Ambient, Pervasive and Ubiquitous Computing, p. 17-24
ISBN
0920682007
Start page
17
End page
24

Files:

NameSizeformatDescriptionLink