Access control with role attribute certificates

Jing Jang Hwang, Kou Chen Wu, Duen Ren Liu*

*Corresponding author for this work

Research output: Contribution to journalJournal Article peer-review

12 Scopus citations


The goal of access control is to counter the threat of unauthorized operations involving computer or communication systems. Role-based access control (RBAC) is a new paradigm for access control, different from the traditional schemes such as the capability scheme or the access control list scheme. To realize the RBAC scheme, we define role attribute certificates following a generic specification in X.509. Our certificate is a vehicle for carrying role-assignment information about a certificate subject. The certificate is certified, issued, and revoked by a central administrator, called the Role Attribute Certification Authority (RACA); as a result, the access control information conveyed in the certificate is centrally managed. The certificate is sent to application sites where the information is required for access control decisions; consequently, a scheme using this special type of attribute certificate gains the advantage of reducing communication. The drawback with this approach is that role attribute certificates must be accompanied by a public-key certificate, whose functioning depends on the existence of a public-key infrastructure (PKI).

Original languageEnglish
Pages (from-to)43-53
Number of pages11
JournalComputer Standards and Interfaces
Issue number1
StatePublished - 03 2000
Externally publishedYes


  • Attribute certificate
  • Public-key certificate
  • Role-based access control
  • X.509 standard recommendation


Dive into the research topics of 'Access control with role attribute certificates'. Together they form a unique fingerprint.

Cite this