Instance-level access control for business-to-business electronic commerce

Authors:
R. Goodwin;S. F. Goh;F. Y. Wu
Affiliations:
IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, New York;IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, New York;IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, New York
Venue:
IBM Systems Journal
Year:
2002

Citing 11
Cited 5

Policy resolution in workflow management systems

Digital Technical Journal
Role-Based Access Control Models

Computer
Role templates for content-based access control

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Managing role/permission relationships using object access types

RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The ARBAC97 model for role-based administration of roles

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Role delegation in role-based access control

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
An object-oriented organizational model to support dynamic role-based access control in electronic commerce

Decision Support Systems - Special issue for business to business electronic commerce, issues and solutions
The J2EE tutorial

The J2EE tutorial
Protection

ACM SIGOPS Operating Systems Review
Java and the IBM San Francisco project

IBM Systems Journal
The application of security policy to role-based access control and the common data security architecture

Computer Communications

A formal framework for reflective database access control policies

Proceedings of the 15th ACM conference on Computer and communications security
The IBM services connection

IBM Journal of Research and Development
An aspect-oriented approach to declarative access control for web applications

APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
A practical aspect framework for enforcing fine-grained access control in web applications

ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
A generic XACML based declarative authorization scheme for java

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The emergence of e-marketplace Web sites that contain proprietary information from multiple organizations requires the creation of new access control schemes that provide fine-grained access control while reducing both administrative and run-time overhead. It is also desirable to have clear, concise, and easily configurable definitions of access control policies that are aligned with business processes, and to have these policies enforced consistently throughout an ecommerce system. In this paper, we describe a policy-based access control scheme, and its implementation, that allows access to individual instances of resources to be specified in a concise and computationally efficient manner. We model business relationships between users and business objects and use implicit grouping of users and resources. These concepts allow policies to refer efficiently to aggregates of resources and users and to document the intention of an authorization policy. Our access control scheme is implemented as an application-level access control mechanism within IBM's WebSphere® Commerce Suite, Marketplace Edition. We use this implementation to provide examples and give performance data. For future work, we discuss how our policy-based, resource-level access control scheme might be enhanced to augment language-level access control schemes, such as the Java™ 2 Platform, Enterprise Edition (J2EE™) security model.