Improving the Information Security of Collaborative Web Portals via Fine-Grained Role-Based Access Control

Improving the Information Security of Collaborative Web Portals via Fine-Grained Role-Based Access Control

S. Demurjian (University of Connecticut, USA), H. Ren (University of Connecticut, USA), S. Berhe (University of Connecticut, USA), M. Devineni (Serebrum Cooperation, USA), Sushil Vegad (Serebrum Cooperation, USA) and K. Polineni (Serebrum Cooperation, USA)
DOI: 10.4018/978-1-4666-2136-7.ch021
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Collaborative portals are emerging as a viable technology to allow groups of individuals to easily author, create, update, and share content via easy-to-use Web-based interfaces, for example, MediaWiki, Microsoft’s Sharepoint, and so forth. From a security perspective, these products are often limited and coarse grained in their authorization and authentication. For example, in a Wiki, the security model is often at two ends of the spectrum: anonymous users with no authorization and limited access via read-only browsing vs. registered users with full-range of access and limited oversight in content creation and modification. However, in practice, such full and unfettered access may not be appropriate for all users and for all applications, particularly as the collaborative technology moves into commercial usage (where copyright and intellectual property are vital) or sensitive domains such as healthcare (which have stringent HIPAA requirements). In this chapter, we report on our research and development effort of a role-based access control for collaborative Web portals that encompasses and realizes security at the application level, the document level (authoring and viewing), and the look-and-feel of the portal itself.
Chapter Preview
Top

Introduction

Over the past decade, the World Wide Web (WWW) has come to the forefront as a viable means to allow individuals and organizations to collaborate. Consequently, web portals have emerged as a means to facilitate these interactions, ranging from information repositories to full-fledged authoring and document content collaboration. For instance, WebMD (http://www.hhs.gov/ocr/hipaa/). Utilizing existing collaborative portals in health care are likely to violate HIPPA, given the coarse level of access and limited accountability to content creation and modification; the security of patient/physician interactions simply could not be assured.

Complete Chapter List

Search this Book:
Reset