Abstract

Abstract. The Internet provides tremendous connectivity and information sharing capability which organizations can use for their competitive advantage. However, we still observe security challenges in Internet-based applications, especially in terms of their limited support for controlled access to organizational resources and information for unknown users. Roles can be a convenient construct for expressing entitled privileges and trust degree alike, based upon which further specification of responsibility and capability is made so as to facilitate trust-based authorization for such an environment. In this article, we design a role-based privilege and trust management by leveraging a role-based trust model and a privilege management infrastructure, as an attempt to develop an easyto-use, flexible, and interoperable authorization mechanism for unknown users. Also, we demonstrate the feasibility of our mechanism by providing a proof-of-concept prototype implementation using commercial off-the-shelf technologies. 1