ROLE-BASED EAM USING X.509 ATTRIBUTE CERTIFICATE ∗

Dongwan Shin and Gail-Joon Ahn
Department of Software and Information Systems
The University of North Carolina at Charlotte
{doshin, gahn}@uncc.edu

Sangrae Cho
Department of Information Security System
Electronics and Telecommunications Research Institute
sangrae@etri.re.kr

∗ Research supported at the Laboratory of Information of Integration, Security and Privacy at the University of North Carolina at Charlotte by grants from the Electronics and Telecommunications Research Institute.

Abstract

In this paper, we describe an experiment in designing and implementing a role-based extranet access management (EAM) by leveraging role-based access control (RBAC) and X.509 attribute certificates for scalable and interoperable authorization. Compared with previous works in this area, we show that our approach can overcome the problems of previous solutions and broaden RBAC's applicability to large-scale networks. The components for role administration are defined and a security architecture is discussed. We also demonstrate the feasibility of our approach through a proof-of-concept implementation. Several issues from our experiment are briefly discussed as well.

Keywords: Access control, Role-based, Attribute certificate, Privilege management infrastructure

1. Introduction

Extranet access management (EAM) has received much attention in recent years as a solution to the security challenges that web-based applications are faced with. EAM is often referred to as a unified mechanism for both managing the authentication of users across enterprises (i.e., single