Abstract: Most access control approaches are based on individual users. Access control should also cover enterprise-wide systems. Role-Based Access Control (RBAC) with the support of cookies is the solution to this problem. Cookies can be used to support RBAC on the Web by storing users' role information. However, cookies also have some technical drawbacks. In particular, they do not always accurately identify users, or they can be used for security attacks. In this paper, we discuss the implementation of Role-Based Access Control with role hierarchies on the Web using secure cookies.