WebApp Sec mailing list archives

Re: web application access control research


From: Gary Gwin <websec () cafesoft com>
Date: Wed, 23 Apr 2003 08:49:06 -0700

Andy,

The following links reference a conceptual and object model for an Access Control Service, which is modeled based upon SAML and other modern access control concepts (e.g., security domains, policy decision points, policy enforcement points, etc.). Some XML configuration examples for defining rules and permissions are also provided.

http://www.cafesoft.com/products/cams/docs/admin/AccessControlServices.html

Also of use is the architectural introduction:

http://www.cafesoft.com/products/cams/docs/admin/Introduction.html

Gary

absmith () cerias purdue edu wrote:

All,

Besides the OWASP Guide, can anyone point me to papers/articles that deal with the issues of access control of web applications?

I am looking to do a survey paper on this topic. Basically, I am looking for references that talk about access control in regards to web applications: current trends, research, tools, software, ideas, etc.

Any help would be great.  Thanks in advance!

- Andy


--

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************

