CCE Theses and Dissertations


An XML Based Authorization Framework for Web-based Applications

Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


Graduate School of Computer and Information Sciences


Sumitra Mukherjee

Committee Member

Michael J. Laszlo

Committee Member

Nancy Reed


The World Wide Web is increasingly being used to deliver services. The file-based authorization schemes originally designed into web servers are woefully inadequate for enforcing the security policies needed by these services. This has led to the chaotic situation where each application is forced to develop its own security framework for enforcing the policies it requires. In turn, this has led to more numerous security vulnerabilities and greater maintenance headaches.

This dissertation lays out an authorization framework that enforces a wide range of security policies crucial to many web-based business applications. The solution is described in three steps. First, it specifies the stakeholders in an authorization system, the roles they play, and the crucial authorization policies that web applications commonly require. Secondly, it maps out the design of the XML based authorization language (AZML), showing how it provides for maintenance to be divided into proscribed roles and for the expression of required policies. Lastly, it demonstrates through a scenario the use of the XML authorization language for enforcing policies in a web-based application. It also explores the issues of how maintenance should be handled, what would be required to scale the authorization service and how to more tightly couple the authorization service to the web server.
