Plug-in Authorization Service (PAS)
Benefits
Plug-in Web authorization technology provides strong, scalable client authorization using off-the-shelf clients and servers. No special software is required on the client. The server component is implemented as a plug-in for off-the-shelf servers. The design allows for distribution, replication and secure remote management of all server authorization data.
Technology Highlights
A plug-in for off-the-shelf servers authorizes access to Web documents and services. The plug-in incorporates a privilege mapper component which maps from a client identity to a set of privileges. These privileges are evaluated against Access Control Lists (ACLs) maintained by the ACL Manager to authorize access. Strong client identities are established using public key certificates communicated via the SSL protocol. Other identities can also be used.
The ACL manager and privilege mapper can be implemented entirely as in-process components of the ACL Plug-in, or they can be implemented as remote services with secure interfaces. With remote implementations, these services can be distributed, replicated, and shared among multiple servers.
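As an added illustration (not code from PAS or the Research Institute), the sketch below models the in-process flow described above: a client identity, assumed here to be a certificate subject name, is mapped to privileges, and those privileges are evaluated against path-based ACLs with default deny. The class names, subject names and ACL layout are hypothetical.

```python
import posixpath


class PrivilegeMapper:
    """Maps a client identity (e.g. a certificate subject name) to privileges."""

    def __init__(self, by_identity):
        self.by_identity = by_identity

    def privileges_for(self, identity):
        # Absent or unknown identities map to no privileges (default deny).
        return frozenset(self.by_identity.get(identity, ()))


class AclManager:
    """Holds ACLs of the form {path_prefix: {privilege: {allowed methods}}}."""

    def __init__(self, acls):
        self.acls = acls

    def _longest_prefix(self, path):
        # Match on whole path segments so "/admin" does not cover "/administrator".
        hits = [p for p in self.acls
                if path == p or path.startswith(p.rstrip("/") + "/")]
        return max(hits, key=len) if hits else None

    def is_allowed(self, privileges, method, path):
        # Collapse "." and ".." before matching so traversal cannot dodge an ACL.
        path = "/" + posixpath.normpath("/" + path).lstrip("/")
        prefix = self._longest_prefix(path)
        if prefix is None:
            return False  # no ACL covers this resource: deny
        acl = self.acls[prefix]
        return any(method in acl.get(priv, ()) for priv in privileges)


def authorize(mapper, acl_manager, identity, method, path):
    """The plug-in's decision: identity -> privileges -> ACL evaluation."""
    return acl_manager.is_allowed(mapper.privileges_for(identity), method, path)


# Constructed sample data (hypothetical subjects and resources).
MAPPER = PrivilegeMapper({
    "CN=alice,O=Example": {"staff"},
    "CN=bob,O=Example": {"staff", "admin"},
})
ACLS = AclManager({
    "/": {"staff": {"GET"}},
    "/admin": {"admin": {"GET", "POST"}},
})
```

With remote implementations, the two classes would sit behind secure interfaces instead of being called directly, but the decision path stays the same.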
Current Status
The plug-in authorization technology is being implemented as an enhancement to the Research Institute's proven Secure Web Technology. The goal is to provide the security and scaling benefits of the Secure Web without requiring any special client-side software or the Secure Web's underlying DCE infrastructure. A demo version, based on existing Secure Web components, is now available.
Contacts
For more information on this technology, please contact James Loveluck at the Open Group Research Institute. This project is part of the Web and Security Technologies Program.
Last modified : 24 Dec 1999