This book focuses on the access control problems in network-based systems and web-based scenarios. It illustrates basic principles and traditional solutions as well as advanced topics such as digital identity management, credential-based access control and trust management, and P2P systems. Besides presenting the concepts, the book gives practical guidelines for designing secure applications in a web-based environment. By using this book, professionals wishing to gain an understanding of the potentials of current access control techniques will be able to exploit existing solutions for specifying accurate protection requirements on their applications. The thorough analysis carried out in the book will also enable them to develop their own access control systems when necessary to deal with novel scenarios.

PART I - ACCESS CONTROL PRINCIPLESChapter 1 - Security services (from authentication to auditing)Chapter 2 - Access control policies and modelsChapter 3 - Traditional solutions to access controlChapter 4 - Administrative policiesPART II - ACCESS CONTROL FOR WEB-BASED SYSTEMSChapter 5 - Protecting static contentsChapter 6 - Protecting dynamic contentsPART III - ACCESS CONTROL FOR ADVANCED NETWORK ENVIRONMENTChapter 7 - Digital identity managementChapter 8 - Credential-based access control and trust management (including negotiation)Chapter 9 - Access control administration, policy interoperability, integration, and compositionChapter 10 - Digital Rights ManagementChapter 11 - Privacy Chapter 12 - P2P system security PART IV - SECURE WEB-BASED ARCHITECTUREChapter 13 - Security issues for web services (including dynamic composition of services)Chapter 14 - Security service components (e.g., Policy information/retrieval/enforcement points)PART V - STANDARDSChapter 15 - (SAML, XACML, Xrml)