When we play games, do business, or study over the Internet...

by Jeff Zhuk, University of Phoenix Faculty Member, December, 1995

When might we need multi-level secure access to the Internet? Why does a Web browser not check for client privileges? Can the client auditing problem be resolved? What about Dial-Up access? How to pass objects between Web windows, and how to prevent unwanted users from jumping into the middle of an application?

While teaching at the University of Phoenix, I sometimes work with students that can only meet me on-line. For example, I have worked with a military officer, an Air Force Academy instructor. Each week he sent me files from a different state. He finished the course with flying colors just before going to Yugoslavia... I have prepared a lot of tutorials on-line for people with similar needs. A lot of homework and testing is done by my students over the Internet. It was not always easy, although Web technology has helped to simplify the process.

Though it is helpful, it is not necessary to know about FTP, Telnet, and other complex networking tools for those who find information on the Internet with World Wide Web browsers. However, there are some unresolved problems for people who are developing tutorials or other applications to be accessed by specific groups, but not by the whole world.

The World Wide Web (WWW) is the most popular Internet information service. The WWW provides multimedia access to the Internet by incorporating graphics, pictures, sound and video into Hypertext documents. The function of the WWW is to organize any information available through the Internet into documents that are easily accessible through special links.

When we play games, do business, or study over the Internet, we create virtual groups. It is very possible that the people in a group have different privileges from people in other groups. These privileges are defined by the nature of an application. It is in situations like these that one must implement multi-level access into one's Internet applications.

When might we need multi-level secure access to the Internet? Whenever two or more user groups need to access the same data with different privileges.

When might we need multi-level secure access to the Internet?
-------------------------------------------

Here are some scenarios where multi-level access may be required...

TEAM GAME: The game can be played by a team of two or more members. Team members share the same resources, but have different privileges to use these resources. Each team member plays a different role in the team that defines his/her personal privileges. To reach game goals, team members must figure out their limitations and cooperate with other members, giving help and getting help in return. The game allows direct messaging between team members and trains them to ask proper questions. The game can be used as an evaluation test during an interview process or as a training tool teaching tolerance (it takes a lot of watching what your partner is doing on the screen) and supportive communications. It also teaches you to recognize and overcome your own limitations, which is no trivial teamwork task. The table of privileges defining resources and team member access is the central part of the game. At some point it can be dynamically changed by one of the members.

AUCTION ON LINE: Buyers (the general public) can see and bid on any item. Item owners can access Auction Web pages not only to read, but also to change descriptions and prices on their products.

MEDICAL RECORDS ON LINE: (there are no real examples) I will only mention the basic interest groups that would have different levels of access: Government, Insurance agencies, Research institutions, Patients.

SCHOOL ON LINE: Students should be able to access the on-line tutorials that they signed up for. They should access (read only!) the test area. But we don't want them to cheat, so only a teacher would have full access to the answer area. We'd like students to work in groups as small teams, as it is one of the most powerful study methods that the University of Phoenix brought to life. Therefore, we create group privileges: each student can access the Web pages of the team that she/he belongs to. Visitors (the general public) are allowed to read some demo pages. Teachers can read all the tutorials and write on the subjects they are responsible for, including test and answer areas.

To be able to make all these scenarios work, we must learn how to provide multi-level data access or multi-level security using Web technology. Let us consider some facts about Web technology that will demonstrate that multi-level data access is not a trivial task.
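The SCHOOL ON LINE privileges above, written out as a default-deny check. This is an added example, not code from the original article. The role, area, course and team names are hypothetical, and it assumes that test access is limited to signed-up courses, that team pages are writable by team members, and that demo pages are read-only for everyone.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    role: str                          # "visitor", "student" or "teacher"
    courses: frozenset = frozenset()   # signed up for (student) / responsible for (teacher)
    team: str = ""

@dataclass(frozen=True)
class Page:
    area: str                          # "demo", "tutorial", "test", "answers" or "team"
    course: str = ""
    team: str = ""

def allowed(user, page, action):
    """Default deny: True only when a rule from the scenario grants the action."""
    if action not in ("read", "write"):
        return False
    if page.area == "demo":                       # visitors and everyone else: read only
        return action == "read"
    if user.role == "teacher" and page.area in ("tutorial", "test", "answers"):
        if page.course in user.courses:           # own subject: full access
            return True
        return page.area == "tutorial" and action == "read"   # all tutorials: read
    if user.role == "student":
        if page.area in ("tutorial", "test"):     # signed-up courses, read only
            return action == "read" and page.course in user.courses
        if page.area == "team":                   # own team's pages (write is assumed)
            return bool(user.team) and page.team == user.team
    return False                                  # includes students on the answer area

# Constructed sample users and pages.
STUDENT = User("student", frozenset({"unix"}), team="team-a")
TEACHER = User("teacher", frozenset({"unix"}))
VISITOR = User("visitor")
UNIX_TEST = Page("test", course="unix")
UNIX_ANSWERS = Page("answers", course="unix")
C_TUTORIAL = Page("tutorial", course="c")
TEAM_B_PAGE = Page("team", team="team-b")

def decisions():
    """Checks that exercise each rule; returns {description: bool}."""
    return {
        "student reads test": allowed(STUDENT, UNIX_TEST, "read"),
        "student writes test": allowed(STUDENT, UNIX_TEST, "write"),
        "student reads answers": allowed(STUDENT, UNIX_ANSWERS, "read"),
        "student reads other team": allowed(STUDENT, TEAM_B_PAGE, "read"),
        "teacher writes answers": allowed(TEACHER, UNIX_ANSWERS, "write"),
        "teacher writes other subject": allowed(TEACHER, C_TUTORIAL, "write"),
        "visitor reads tutorial": allowed(VISITOR, C_TUTORIAL, "read"),
    }
```

The check only has meaning once the server can tell which user is making the request.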

Why does a Web browser not check for client privileges?
----------------------------------------

Any Web browser is a client program that makes a connection to an HTTP server machine for a specific document or application. The application running on a server machine has no way to get the User ID or any other client-related information.

Client.....................Proxy Server.................Server

The only data available from the server environment is an IP address of the proxy machine, the final host in the chain that is directly connected to the HTTP server. It gives an equal opportunity for any person to reach an application that does not necessarily meet security standards. Using encryption helps to secure the transmission of the data, but it cannot resolve the auditing problem. Using Java doesn't solve the problem either: Java applets are limited by a browser's functionality, work on only a select few browsers, and cannot get client data. At the same time there are plenty of applications where multi-level access must be provided based on client privileges.
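The auditing problem described above, shown on a constructed request trace (an added example, not part of the original article). The user names, addresses and paths are made up; the first column of each record is ground truth that never reaches the server, which records only the address of the last host in the chain (REMOTE_ADDR in a CGI environment).

```python
from collections import defaultdict

# Constructed sample: (real user, address the HTTP server sees, requested path).
# alice and bob share one proxy; carol connects directly.
REQUESTS = [
    ("alice", "192.0.2.10", "/school/unix/test.html"),
    ("bob", "192.0.2.10", "/school/unix/answers.html"),
    ("carol", "198.51.100.7", "/school/demo.html"),
    ("alice", "192.0.2.10", "/school/unix/tutorial.html"),
]

def server_audit_log(requests):
    """What the server-side application can record: peer address and path only."""
    return [{"REMOTE_ADDR": addr, "path": path} for _user, addr, path in requests]

def who_requested(log, path):
    """Best answer an auditor can give from the server log: a set of addresses."""
    return sorted({entry["REMOTE_ADDR"] for entry in log if entry["path"] == path})

def unattributable(requests):
    """Addresses behind which more than one real user made requests."""
    users_by_addr = defaultdict(set)
    for user, addr, _path in requests:
        users_by_addr[addr].add(user)
    return {addr: sorted(users) for addr, users in users_by_addr.items()
            if len(users) > 1}

if __name__ == "__main__":
    log = server_audit_log(REQUESTS)
    print("answers.html requested from:",
          who_requested(log, "/school/unix/answers.html"))
    print("addresses shared by several users:", unattributable(REQUESTS))
```

The log can say that the answer page was requested from the proxy address, but not whether a student or someone else behind that proxy requested it.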