Research On A High Secure Access Control Model For WEB Applications

Posted on: 2013-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y Xu
Full Text: PDF
GTID: 2218330362959445
Subject: Software engineering
Abstract/Summary:
Information digitization has become a trend as the Internet has matured, and sharing and exchanging information online has become part of ordinary life. The development of the Internet brings great convenience and efficiency, but also a great many security issues. Consequently, protecting information resources on the web and user privacy is very important work. Web applications that serve government or financial institutions require higher security than regular web applications. On the one hand, confidential information should not be obtainable by unauthorized users via the web, and authorized users should access only the information resources they are authorized for; on the other hand, the real information that users disclose to the service provider should be as little as possible. In this situation, research on a highly secure access control model for web applications has become a pressing demand.

The purpose of this paper is to establish an access control model that satisfies the security requirements of such web applications and protects user privacy by disclosing as little of the user's real information to the service provider as possible.

In this paper, we first analyze the international development of access control, focusing on the characteristics of the role-based access control (RBAC) model and its application on the web. Second, we propose a highly secure access control model for web applications based on the existing role-based access control model. We describe how to incorporate a security token into the RBAC model to realize strict authentication and privacy protection, and we describe in detail the security features of the improved access control model. Third, the design and implementation of two parts of this access control model are given: one is the issuance and presentation of the security token in two protocols; the other is the mechanism of user-role assignment.

Finally, the experimental results indicate the effectiveness of the proposed model. This paper proposes a detailed solution for information resource security and privacy protection for web applications that require high security. The proposed access control model not only satisfies the security requirements, but also reduces the burden on web applications and users by using XACML to describe the conditions for obtaining roles.
Keywords/Search Tags: Access control, RBAC, security token, high secure web application