ScienceDirect® Home Skip Main Navigation Links
You have guest access to ScienceDirect. Find out more.
 
Home
Browse
My Settings
Alerts
Help
 Quick Search
 Search tips (Opens new window)
    Clear all fields    
Computer Communications
Volume 23, Issue 17, 1 November 2000, Pages 1613-1620
 
Font Size: Decrease Font Size  Increase Font Size
 Abstract - selected
Article
Purchase PDF (132 K)

Article Toolbox
  E-mail Article   
  Add to my Quick Links   
Bookmark and share in 2collab (opens in new window)
Request permission to reuse this article
  Cited By in Scopus (2)
 
 
 
Related Articles in ScienceDirect
View More Related Articles
 
View Record in Scopus
 
doi:10.1016/S0140-3664(00)00247-4    
How to Cite or Link Using DOI (Opens New Window)

Copyright © 2000 Elsevier Science B.V. All rights reserved.

Applying authorization to intranets: architectures, issues and APIs

Purchase the full-text article



References and further reading may be available for this article. To view references and further reading you must purchase this article.

1 2 P. AshleyCorresponding Author Contact Information, E-mail The Corresponding Author, 1, M. VandenwauverE-mail The Corresponding Author, 2 and F. SiebenlistE-mail The Corresponding Author

TIVOLI Security Business Unit, A Division of IBM, 9020 Capital of Texas Highway, Great Hills Corporation Center, Bldg1, Austin, TX 78759, USA


Available online 30 November 2000.

Abstract

There are a number of proposed solutions to solve the Intranet authorization problem. They fall into two categories: architectures for providing an authorization framework, and generic authorization application programmer interfaces (APIs) for allowing applications access to the authorization services. This paper examines the leading initiatives in these areas: DCE, SESAME and Windows2000 as authorization frameworks and the GSS-API, GAA-API and AZN-API. The paper stresses the important issues related to implementing an authorization service.

Author Keywords: Access control; Authorization; DCE; Intranet; Security architecture; SESAME; Windows2000

Article Outline

1. Introduction
2. Authorization architectures
2.1. Kerberos
2.2. DCE
2.3. SESAME
2.4. Windows 2000
3. Issues relating to the provision of authorization
3.1. The distribution of privileges
3.2. Privilege tokens
3.3. Access enforcement at the resource
3.4. Positioning of the authorization architectures
4. Authorization APIs
4.1. GSS-API
4.2. GAA-API
4.3. AZN-API
4.4. Credential management
4.5. Access control
4.6. Entitlements service
4.7. Data classification
5. Conclusions
References
Vitae

1 Part of this work was done while the author was at QUT/Australia.

2 Part of this work was done while the author was at COSIC/Belgium.

Corresponding Author Contact Information Corresponding author. Tel.: +1-5124584037; email: pashley@us.ibm.com


Computer Communications
Volume 23, Issue 17, 1 November 2000, Pages 1613-1620
 
Home
Browse
My Settings
Alerts
Help
Elsevier.com (Opens new window)
About ScienceDirect  |  Contact Us  |  Information for Advertisers  |  Terms & Conditions  |  Privacy Policy
Copyright © 2008 Elsevier B.V. All rights reserved. ScienceDirect® is a registered trademark of Elsevier B.V.