An XML Based Authorization Framework for Web-based Applications
Date of Award
Doctor of Philosophy (PhD)
Graduate School of Computer and Information Sciences
Michael J. Laszlo
The World Wide Web is increasingly being used to deliver services. The file based authorization schemes originally designed into web servers are woefully inadequate for enforcing the security policies needed by these services. This has led to the chaotic situation where each application is forced to develop its own security framework for enforcing the policies it requires. In turn, this has led to more numerous security vulnerabilities and greater maintenance headaches.
This dissertation lays out an authorization framework that enforces a wide range of security policies crucial to many web-based business applications. The solution is described in three steps. First, it specifies the stakeholders in an authorization system, the roles they play, and the crucial authorization policies that web applications commonly require. Secondly, it maps out the design of the XML based authorization language (AZML), showing how it provides for maintenance to be divided into proscribed roles and for the expression of required policies. Lastly, it demonstrates through a scenario the use of the XML authorization language for enforcing policies in a web-based application. It also explores the issues of how maintenance should be handled, what would be required to scale the authorization service and how to more tightly couple the authorization service to the web server.
David Jacobs. 2001. An XML Based Authorization Framework for Web-based Applications. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (607)