Towards a risk management perspective on AAIs

Authors:
Christian Schläger;Thomas Nowey
Affiliations:
University of Regensburg, Regensburg, Germany;University of Regensburg, Regensburg, Germany
Venue:
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Year:
2006

Citing 9
Cited 1

Risks of the passport single signon protocol

Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Risky business: what have we yet to learn about risk management

Journal of Systems and Software
ACM SIGAda Ada Letters

ACM SIGAda Ada Letters
The PAPI system: point of access to providers of information

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on networking middleware: selected papers from the TERENA networking conference 2001
Security in Computing

Security in Computing
A model for evaluating IT security investments

Communications of the ACM - Has the Internet become indispensable?
A Reference Model for Authentication and Authorisation Infrastructures Respecting Privacy and Flexibility in b2c eCommerce

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Trust, privacy and security in e-business: requirements and solutions

PCI'05 Proceedings of the 10th Panhellenic conference on Advances in Informatics
Authentication and authorisation infrastructures in b2c e-commerce

EC-Web'05 Proceedings of the 6th international conference on E-Commerce and Web Technologies

Attribute-Based authentication and authorisation infrastructures for e-commerce providers

EC-Web'06 Proceedings of the 7th international conference on E-Commerce and Web Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Authentication and Authorisation Infrastructures (AAIs) support service providers on the internet to outsource security services. Motivations for their usage stem from software engineering and economics. For the latter an assessment of inherent risks is needed. In this work the authors deduct an appropriate, formalistic risk assessment method for AAIs and analyse outsource able security services in comparison to traditional – non AAI involved – service providing. To achieve the assessment of risks various methods for risk management have been analysed and finally a suitable qualitative method has been chosen. As AAIs differ in their potential to cover security services, combinations of these services are compared. The given risk assessment method enables providers to decide on a special infrastructure for their purpose and lets users of AAIs determine if given advantages surpass the immanent risks. This work also enables service providers to estimate costs for such an infrastructure and calculate potential savings.