Re: web application access control research

Andy,

The following links reference a conceptual and object model for an Access Control Service, which is modeled based upon SAML and other modern access control concepts (e.g., security domains, policy decision points, policy enforcement points, etc.). Some XML configuration examples for defining rules and permissions are also provided.

http://www.cafesoft.com/products/cams/docs/admin/AccessControlServices.html

Also of use is the architectual introduction:

http://www.cafesoft.com/products/cams/docs/admin/Introduction.html

Gary

absmith@cerias.purdue.edu wrote:
>
> All,
>
> Besides the OWASP Guide, can anyone point me to papers/articles that deal

-- 

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek