ABSTRACT
Designing, implementing, and administering application
security architectures that address and resolve user
identification, authentication, and data access controls have
become increasingly challenging as technologies transition
from a mainframe architecture, to the multiple-tier
client/server models, to the newest World Wide Web-based
application configurations. Within the mainframe environment,
software access control utilities are typically controlled
by one or more security officers, who add, change,
and delete rules to accommodate the organization’s policy
compliance. Within the n-tier client/server architecture,
security officers or business application administrators
typically share the responsibility for any number of
mechanisms to ensure the implementation and maintenance
of controls. In the Web application environment,
however, the application user is introduced as a co-owner
of the administration process.