摘要: Web presence has become a key consideration for the majority of companies and other organizations. Besides being an essential information delivery tool, is increasingly regarded as extension organization itself, directly integrated with its operating processes. As this transformation takes place, security grows in importance. IBM Tivoli Access Manager offers shared infrastructure authentication access management, technologies that have begun to emerge commercial marketplace. This paper describes Authorization Service provided by e-business (AM) use AM family members well third-party applications. Policies are defined over protected object namespace stored database, which managed via management console accessed through API. The abstracts from heterogeneous systems thus enables definition consistent policies their centralized management. ACL inheritance delegated allow these be efficiently. API allows applications own control requirements decouple authorization logic application logic. Policy checking can externalized using either proxy sits front servers or plug-in examines request. Thus, familiy establish single entry point enforce enterprise regulate corporate data.
acm.org
sci-hub.se 参考文章(14)
Günter Karjoth, Authorization in CORBA Security Journal of Computer Security. ,vol. 8, pp. 89- 108 ,(2000) , 10.3233/JCS-2000-82-302
M.E. Zurko, R. Simon, T. Sanfilippo, A user-centered, modular authorization service built on an RBAC foundation ieee symposium on security and privacy. pp. 57- 71 ,(1999) , 10.1109/SECPRI.1999.766718
Simon N. Foley, Refereed paper: Building Chinese walls in standard unix TM Computers & Security. ,vol. 16, pp. 551- 563 ,(1997) , 10.1016/S0167-4048(97)00010-2
Matt Blaze, Joan Feigenbaum, Angelos D. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper) international workshop on security. pp. 59- 63 ,(1998) , 10.1007/3-540-49135-X_9
L. Masinter, R. Fielding, T. Berners-Lee, Uniform Resource Identifiers (URI): Generic Syntax RFC. ,vol. 2396, pp. 1- 40 ,(1998)
Angelos D. Keromytis, J. Pigenbaum, Matt Blaze, Key note: Trust management for public-key infrastructures Lecture Notes in Computer Science. ,(1999)
David F Ferraiolo, John F Barkley, D Richard Kuhn, None, A role-based access control model and reference implementation within a corporate intranet ACM Transactions on Information and System Security. ,vol. 2, pp. 34- 64 ,(1999) , 10.1145/300830.300834
M. Gradwell, The new Holy Grail BMJ. ,vol. 317, pp. 1502- 1502 ,(1998) , 10.1136/BMJ.317.7171.1502
Michael M. Swift, Anne Hopkins, Peter Brundrett, Cliff Van Dyke, Praerit Garg, Shannon Chan, Mario Goertzel, Gregory Jensenworth, Improving the granularity of access control for Windows 2000 ACM Transactions on Information and System Security. ,vol. 5, pp. 398- 437 ,(2002) , 10.1145/581271.581273
K. Beznosov, Y. Deng, B. Blakley, C. Burt, J. Barkley, A resource access decision service for CORBA-based distributed systems annual computer security applications conference. pp. 310- 319 ,(1999) , 10.1109/CSAC.1999.816041