Haupt-Navigation

Publications of the Research Group

Protecting Services with Smartcard-Based Access Control: A Case Study at Technical University Berlin
Citation key	hild.2001.hpovua_casestudy
Author	Thomas Hildmann and Thomas Gebhardt
Title of Book	Proceedings HPOVUA 2001
Year	2001
Month	June
Abstract	Technical University Berlin is in the process of issuing smartcards to employees and students and providing a wide range of campus-related services over the internet. Therefore an infrastructure supplying security services like user-authentication, secure connections and access control is necessary. A further goal is the reuse of existing applications and network technology to keep costs reasonably low. This calls for an application-independent, highly flexible security framework. Security measures must also be scalable, since applications operate on different levels of confidentiality. This paper describes the implemented security framework, which uses application level firewalls to implement smartcard-based authentication and a Single-Sign-On (SSO) mechanism. It will be pointed out that such a system will only be maintainable in the future if role-based access control is introduced. The paper describes the migration from a password- to a smartcard-based authentication which will be extended with a role-based access control (RBAC) mechanism in the next step.