Attribute-Based authentication and authorisation infrastructures for e-commerce providers

Authors:
Christian Schläger;Manuel Sojer;Björn Muschall;Günther Pernul
Affiliations:
University of Regensburg, Regensburg, Germany;University of Regensburg, Regensburg, Germany;University of Regensburg, Regensburg, Germany;University of Regensburg, Regensburg, Germany
Venue:
EC-Web'06 Proceedings of the 7th international conference on E-Commerce and Web Technologies
Year:
2006

Citing 8
Cited 2

The PAPI system: point of access to providers of information

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on networking middleware: selected papers from the TERENA networking conference 2001
The PERMIS X.509 role based privilege management infrastructure

Future Generation Computer Systems - Special section: Selected papers from the TERENA networking conference 2002
Certificate-based authorization policy in a PKI environment

ACM Transactions on Information and System Security (TISSEC)
Attributed Based Access Control (ABAC) for Web Services

ICWS '05 Proceedings of the IEEE International Conference on Web Services
Supporting Attribute-based Access Control with Ontologies

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Authrule: a generic rule-based authorization module

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Towards a risk management perspective on AAIs

TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Authentication and authorisation infrastructures in b2c e-commerce

EC-Web'05 Proceedings of the 6th international conference on E-Commerce and Web Technologies

A unified attribute-based access control model covering DAC, MAC and RBAC

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Reachability analysis for role-based administration of attributes

Proceedings of the 2013 ACM workshop on Digital identity management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Authentication and authorisation has been a basic and necessary service for internet transactions. With the evolution of e-commerce, traditional mechanisms for data security and access control are becoming outdated. Several new standards have emerged which allow dynamic access control based on exchanging user attributes. Unfortunately, while providing highly secure and flexible access mechanisms is a very demanding task, it cannot be considered a core competency for most e-commerce corporations. Therefore, a need to outsource or at least share such services with other entities arises. Authen-tication and Authorisation Infrastructures (AAIs) can provide such integrated federations of security services. They could, in particular, provide attribute-based access control (ABAC) mechanisms and mediate customers’ demand for privacy and vendors’ needs for information. We propose an AAI reference model that includes ABAC functionality based on the XACML standard and lessons learned from various existing AAIs. AAIs analysed are AKENTI, CARDEA, CAS, GridShib, Liberty ID-FF, Microsoft .NET Passport, PAPI, PERMIS, Shibboleth and VOMS.