Creating Application Security Layer Based On Resource Access Decision Service

Different solutions have been used for each security aspect (access control, application security) to
secure enterprise web applications. However, combining "enterprise-level" and "application-level" security aspects in one layer could give great benefits such as reusability, manageability, and
scalability. This thesis proposes adding a new layer to n-tier web application architectures that provides a
common evaluation and enforcement environment for both enterprise-level and application-level
policies, bringing access control together with application-level security. Removing the distinction
between enterprise-level and application-level security policies improves the manageability, reusability
and scalability of the whole system. The Resource Access Decision (RAD) specification has been
implemented and used as the authentication mechanism for this layer. The RAD service not only
encapsulates the domain-specific factors used to give access decisions but can also form a solid base for applying
positive and negative security models to secure enterprise web applications. The proposed solution has
been used in a real-life system, and test results are presented.

Identifier: oai:union.ndltd.org:METU/oai:etd.lib.metu.edu.tr:http://etd.lib.metu.edu.tr/upload/12608827/index.pdf
Date: 01 September 2003
Creators: Metin, Mehmet Ozer
Contributors: Sener, Dr. Cevat
Publisher: METU
Source Sets: Middle East Technical Univ.
Language: English
Detected Language: English
Type: M.S. Thesis
Format: text/pdf
Rights: To liberate the content for public access
