Joon S. Park

Learn More
Current approaches to access control on the Web servers do not scale to enterprise-wide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in large-scale Web environments. To satisfy this requirement, we identify two different(More)
T he World Wide Web facilitates e-commerce on the Internet via its underlying hypertext transport protocol, which carries all interactions between Web servers and browsers.1 Since HTTP is stateless, however, it does not support continuity for browser-server interaction between successive user visits. Without a concept of a session in HTTP, users are(More)
Many companies, organizations, and even individuals implement wireless local area networks (WLANs) in various locations such as their offices, conference rooms, homes, and business areas. This type of connection offers users portability because they can move from one location to another while maintaining access to the corporate network, but it does not(More)
In Peer-to-Peer (P2P) computing environments, each participant (peer) acts as both client and content provider. This satisfies the requirement that resources should be increasingly made available by being published to other users from a user's machine. Compared with services performed by the client-server model, P2P-based services have several advantages.(More)
As more businesses engage in globalization, inter-organizational collaborative computing grows in importance. Since we cannot expect homogeneous computing environments in participating organizations, heterogeneity and Internet-based technology are prevalent in inter-organizational collaborative computing environments. One technology that provides solutions(More)
Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems, however, provide minimal security services such as authentication of users and network security. In this paper we describes an experiment in injecting role-based(More)
Secure and effective access control is critical to sensitive organizations, especially when multiple organizations are working together using diverse systems. To alleviate the confusion and challenges of redundancy in such a large, complex organization, in this paper we introduce a composite role-based access control (RBAC) approach, by separating the(More)
We have described in another paper how to develop and use smart certificates by extending X.509 with several sophisticated features for secure attribute services on the Web. In this paper, we describe an implementation of RBAC (Role-Based Access Control) with role hierarchies on the Web as one possible application of smart certificates. To support RBAC, we(More)