Risks of the passport single signon protocol
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
Risky business: what have we yet to learn about risk management
Journal of Systems and Software
ACM SIGAda Ada Letters
The PAPI system: point of access to providers of information
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on networking middleware: selected papers from the TERENA networking conference 2001
Security in Computing
A model for evaluating IT security investments
Communications of the ACM - Has the Internet become indispensable?
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Trust, privacy and security in e-business: requirements and solutions
PCI'05 Proceedings of the 10th Panhellenic conference on Advances in Informatics
Authentication and authorisation infrastructures in b2c e-commerce
EC-Web'05 Proceedings of the 6th international conference on E-Commerce and Web Technologies
Attribute-Based authentication and authorisation infrastructures for e-commerce providers
EC-Web'06 Proceedings of the 7th international conference on E-Commerce and Web Technologies
Hi-index | 0.00 |
Authentication and Authorisation Infrastructures (AAIs) support service providers on the internet to outsource security services. Motivations for their usage stem from software engineering and economics. For the latter an assessment of inherent risks is needed. In this work the authors deduct an appropriate, formalistic risk assessment method for AAIs and analyse outsource able security services in comparison to traditional – non AAI involved – service providing. To achieve the assessment of risks various methods for risk management have been analysed and finally a suitable qualitative method has been chosen. As AAIs differ in their potential to cover security services, combinations of these services are compared. The given risk assessment method enables providers to decide on a special infrastructure for their purpose and lets users of AAIs determine if given advantages surpass the immanent risks. This work also enables service providers to estimate costs for such an infrastructure and calculate potential savings.