Björn Muschall

Learn More
Recently RBAC (role-based access controls) was found to be among the most attractive solutions for providing acess control in web-based e-commerce and e-government applications. Usually, such systems involve a huge number of heterogeneous users working with the systems under different rights and obligations. In an RBAC authorization and access control(More)
Moderne Anwendungen aus dem Bereich des e-Commerce, sowie Enterpriseund e-Government-Portale bringen aufgrund der Vielzahl höchst heterogener Benutzer und der Diversität der Informationsressourcen die Notwendigkeit für flexible Autorisierungsund Zugriffskontrollverfahren mit sich. Für den Zugriff auf derartige Anwendungen ist sicherzustellen, dass Benutzer(More)
As part of the access control process an authorization decision needs to be taken based on a certain authorization model. Depending on the environment different models are applicable (e.g., RBAC in organizations, MAC in the military field). An authorization model contains all necessary elements needed for the decision (e.g., subjects, objects, and roles) as(More)
Web-based systems like enterprise and e-government portals pose special requirements to information security. Today’s portal platforms provide some security functionality, mainly targeting at supporting a single-sign-on for the underlying applications. We argue that singlesign-on is not sufficient, but rather a mature security service is needed as a central(More)
Our group is involved in the European funded Webocracy project in which an e-government system called Webocrat has been designed and implemented. Our responsibility is to provide mechanisms guaranteeing secure and reliable access to Webocrat. According to the security requirements from the city councils involved in the project we have implemented a generic(More)
  • 1