Abstract

In this paper we present a generic and adaptable security module called CSAP (Communication, Security, Authentication, and Privacy) which may be used in order to make e-government and e-commerce systems secure and trustworthy. CSAP is service-oriented and offers programming interfaces to core security services such as user identification, authentication, access control, auditing, and security management. We discuss the conceptual architecture, the layered design, and the object-oriented implementation of CSAP. The layered design of CSAP allows the application developer to exchange or enhance security mechanisms via a plug-in concept based on abstract classes and appropriate design patterns. As a consequence, CSAP becomes maintainable and adaptable. Among other services, CSAP provides an implementation of a role-based access control subsystem that conforms to the Core RBAC model as defined in the proposed NIST standard. Currently, CSAP is almost fully implemented and integrated in the Webocrat system which, in the framework of e-government, provides services supporting direct participation of citizens in democratic processes in a secure way.

Keywords: Security architecture and services, adaptable security systems, software design, role-based access control (RBAC).
