Role based Access Control with Single Sign-on Architecture using web Services for LMS

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2018
Authors:
Dharmendra Choukse, Umesh Kumar Singh
DOI: 10.5120/ijca2018916497

Dharmendra Choukse and Umesh Kumar Singh. Role based Access Control with Single Sign-on Architecture using web Services for LMS. International Journal of Computer Applications 180(21):25-30, February 2018. BibTeX

@article{10.5120/ijca2018916497,
	author = {Dharmendra Choukse and Umesh Kumar Singh},
	title = {Role based Access Control with Single Sign-on Architecture using web Services for LMS},
	journal = {International Journal of Computer Applications},
	issue_date = {February 2018},
	volume = {180},
	number = {21},
	month = {Feb},
	year = {2018},
	issn = {0975-8887},
	pages = {25-30},
	numpages = {6},
	url = {http://www.ijcaonline.org/archives/volume180/number21/29057-2018916497},
	doi = {10.5120/ijca2018916497},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

In the modern world, Web services have been widely used by different industries to improve business functions and productivity, integrate and automate client support, etc. Hence, it is essential to protect information and all other resources from unauthorised access by controlling access through a particular system. Nowadays, large organisations are also moving their activities from host-based application platforms to network-distributed, client-server platforms. This brings difficulties both for end-users, who hold multiple electronic identities for different systems, and for system administrators, who manage multiple applications separately.

Role-Based Access Control (RBAC) is a reasonably novel access control technique that provides a centralised, dynamic, and consistent way to manage authorisation, specifically for the requirements of a particular industry to improve its security. Since an authentication mechanism is required for personalised, password-protected user accounts, Single Sign-on (SSO) systems can provide authentication across different services. Due to these benefits, SSO is an approach to implementing an RBAC-enabled system.

This project makes use of the RBAC technique and SSO architecture. The objective of this plan is to learn the RBAC technique and SSO approach. The goal is to develop a Web portal with reusable security and user access control. To achieve this goal, the Web application was designed and implemented. Unlike traditional client/server models, such as a Web server/Web page system, Web services do not provide the user with a GUI. Instead, Web services share business logic, data and processes through a programmatic interface across a network.

Keywords

RBAC, SSO, Webservices