Access Control for the Web-Based Infrastructure

This book focuses on the access control problems in network-based systems and web-based scenarios. It illustrates basic principles and traditional solutions as well as advanced topics such as digital identity management, credential-based access control and trust management, and P2P systems. Besides presenting the concepts, the book gives practical guidelines for designing secure applications in a web-based environment. By using this book, professionals wishing to gain an understanding of the potentials of current access control techniques will be able to exploit existing solutions for specifying accurate protection requirements on their applications. The thorough analysis carried out in the book will also enable them to develop their own access control systems when necessary to deal with novel scenarios. TOC:
PART I - ACCESS CONTROL PRINCIPLES
Chapter 1 - Security services (from authentication to auditing)
Chapter 2 - Access control policies and models
Chapter 3 - Traditional solutions to access control
Chapter 4 - Administrative policies
PART II - ACCESS CONTROL FOR WEB-BASED SYSTEMS
Chapter 5 - Protecting static contents
Chapter 6 - Protecting dynamic contents
PART III - ACCESS CONTROL FOR ADVANCED NETWORK ENVIRONMENT
Chapter 7 - Digital identity management
Chapter 8 - Credential-based access control and trust management (including negotiation)
Chapter 9 - Access control administration, policy interoperability, integration, and composition
Chapter 10 - Digital Rights Management
Chapter 11 - Privacy
Chapter 12 - P2P system security
PART IV - SECURE WEB-BASED ARCHITECTURE
Chapter 13 - Security issues for web services (including dynamic composition of services)
Chapter 14 - Security service components (e.g., Policy information/retrieval/enforcement points)
PART V - STANDARDS
Chapter 15 - (SAML, XACML, Xrml)