• DocumentCode
    410112
  • Title

    Implement role based access control with attribute certificates

  • Author

    Wei Zhou ; Meinel, C.

  • Author_Institution
    University of Trier
  • Volume
    1
  • fYear
    2004
  • fDate
    9-11 Feb. 2004
  • Firstpage
    536
  • Lastpage
    540
  • Abstract
    Nowadays more and more activities are performed over the Internet. But as more people are involved in the transaction circle, security and authorization control becomes one of the biggest concerns. Hence, we are motivated by the need to manage and to enforce a strong authorization mechanism in large-scale web-environment. Role based access control (RBAC) provides some flexibility to security management. Public key infrastructure (PKI) can provide a strong authentication. Privilege management infrastructure (PMI) as a new technology can provide strong authorization. In order to satisfy mentioned security requirements, we have established a role based access control infrastructure and developed a prototype that uses X.509 public key certificates (PKCs) and attribute certificates (ACs). Access control is performed by access control policies that are written in XML. Policies and roles are stored in ACs. PKCs and ACs are all stored in LDAP servers. A new solution for policy management is described. The main components of the prototype are administration tool and access control engine. The access control engine provides a service that mediates the data between the users and the resources, which is also responsible for authentication and authorization. The administration tool can create key pairs, PKCs and ACs, manage users' information, and so on.
  • Keywords
    Access control; Authentication; Authorization; Computer science; Internet; Permission; Prototypes; Public key; Security; Technology management; Role based access control; X.509; XML; attribute certificates; authentication; authorization; privilege management infrastructure; public key certificates; public key infrastructure;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Communication Technology, 2004. The 6th International Conference on
  • Conference_Location
    Phoenix Park, Korea
  • Print_ISBN
    89-5519-119-7
  • Type

    conf

  • DOI
    10.1109/ICACT.2004.1292928
  • Filename
    1292928