| With the development of digitalization of information and the advance of electronic government, there is an increasing requirement for classified access and content confidential of web pages. This article discusses a method of strong authentication, taking advantage of X509 technologies and SSL mechanism, to offer user identification. The authentication mechanism using X509 certificates is well known robust mechanism to identify communication entities. Its security is based on well founded mathematics theories. After so many year's usage, it still works fine. This article also inspected the attacks that SSL will face, showing that it is well designed and can stand various kinds of attacks. Meanwhile, I introduce RBAC method to fulfill the need for role based access control. The RBAC method, also called Role Based Access Control method, is introduced by security experts after intensive researches over the access control methods including that are widely used nowadays, such as DAC and MAC. It can give administrators ability of centralized control as well as reduce the cost of management .Through the adoption of X509 certificate mechanism and RBAC access control, we can effectively protect internal information. A implementation of a hypothesis entity is demonstrated. This article can provide a reference to a schema that deploy authentication and authorization to web pages of entities like government departments, companies. |
PDF Full Text Request