Administering security in modern enterprise systems can be an extremely complex task, mainly because of their large scale and
dynamic nature. A robust and flexible model is needed in order to guarantee both the easy
management of security information and the efficient implementation of security mechanisms. In this paper, we present the
foundations and the prototypical implementation of a new access control framework. The framework is mainly targeted to highly
dynamic, large enterprise systems (e.g., service provisioning platforms, enterprise portals), which contain various independent
functional entities. The main advantages of applying the framework in such systems are the ease of managing access to
their hosted resources (e.g., services) and the possibility of applying distributable management schemes to achieve it.
The proposed framework allows for multi-level access control through the support of both
role-based and user-based access control schemes. The discussion is structured in three distinct areas: the formal model of the
proposed framework, the data model for supporting its operation, and the presentation of a prototypical implementation. The
development of the framework is based on open technologies like XML, Java and Directory Services. In the last part of the
paper, the results of a performance assessment are presented, aiming to quantify the delay overhead imposed by the application
of the new framework in a real system.
Keywords: Distributable management - Enterprise systems - Access control - Security - XML - LDAP
Ioannis Priggouris received his B.Sc. in Informatics from the Department of Informatics & Telecommunications of the University of Athens, Greece
in 1997 and his M.Sc. in Communication Systems and Data Networks from the same Department in 2000. In recent years he
has been a PhD candidate in the department. Since 1999, he has been a member of the Communication Networks Laboratory (CNL)
of the University of Athens. As a senior researcher of the CNL he has participated in several EU projects implemented in the
context of IST, namely the EURO-CITI and the PoLoS projects. He has also been extensively involved in several National IT
Research projects. His research interests are in the areas of mobile computing, QoS and mobility support for IP networks,
and network security. He is the author of several papers and book chapters in the aforementioned areas.
Stathes Hadjiefthymiades received his B.Sc. (honors) and M.Sc. in Informatics from the Dept. of Informatics, University of Athens, Greece, in 1993
and 1996 respectively. In 1999 he received his Ph.D. from the University of Athens (Dept. of Informatics and Telecommunications).
In 2002 he received a joint engineering-economics M.Sc. from the National Technical University of Athens. In 1992 he joined
the Greek consulting firm Advanced Services Group, Ltd., where he was involved in the analysis, design and implementation
of telematic applications and other software systems. In 1995 he joined, as research engineer, the Communication Networks
Laboratory (UoA-CNL) of the University of Athens. During the period September 2001-July 2002, he served as a visiting assistant
professor at the University of Aegean, Dept. of Information and Communication Systems Engineering. In the summer of 2002 he
joined the faculty of the Hellenic Open University (Dept. of Informatics), Patras, Greece, as an assistant professor. Since
December 2003, he has been on the faculty of the Dept. of Informatics and Telecommunications, University of Athens, where he is
presently an assistant professor and coordinator of the Pervasive Computing Research Group. He has participated in numerous
projects realized in the context of EU programs (ACTS, ORA, TAP, and IST), EURESCOM projects, as well as national initiatives.
His research interests are in the areas of web engineering, wireless/mobile computing, and networked multimedia applications.
He is the author of over 100 publications in the above areas.