16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana
A Policy-Based Access Control Mechanism for Corporate Web
Victoria Ungureanu,
Farokh Vesuna &
Naftaly H. Minsky
Rutgers University
USA
Current Web technologies use access control lists (ACLs) for enforcing
regulations and practices governing businesses today. Having the
policy hard-coded into ACLs causes management and security problems,
which have so far prevented Intranets from achieving their full potential.
This paper presents a concrete design of a mechanism that supports
policies for regulating access to information via a corporate
Intranet. This mechanism makes a strict separation between the
formal statement of a policy, and its enforcement, the latter being
carried out by generic policy engines. The proposed mechanism is
easy to deploy, requiring no modifications of current web
servers. We provide some preliminary performance results that show
that the mechanism is quite affordable, even in its present,
experimental stage.