Risks of the passport single signon protocol
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
ACM SIGAda Ada Letters
Practical Intranet Security: Overview of the State of the Art and Available Technologies
Practical Intranet Security: Overview of the State of the Art and Available Technologies
Communications of the ACM - Medical image modeling
Network security: private communication in a public world, second edition
Network security: private communication in a public world, second edition
Privacy and e-commerce: a consumer-centric perspective
Electronic Commerce Research
Service oriented system for business cooperation
Proceedings of the 2nd international workshop on Systems development in SOA environments
Attribute-Based authentication and authorisation infrastructures for e-commerce providers
EC-Web'06 Proceedings of the 7th international conference on E-Commerce and Web Technologies
Towards a risk management perspective on AAIs
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
| Hi-index | 0.00 |
One of the reasons for the failure of PKI in b2c e-commerce might be that too much effort was put in entity authentication. In many applications it is not necessary to know who an entity actually is, but to be sure that he/she possesses the proper rights to perform the desired action. This is exactly the purpose of Authentication and Authorisation Infrastructures (AAIs). Today several proposals and running AAIs are available focusing on different aspects. The purpose of this paper is firstly to introduce common representatives and to discuss their focus, secondly to develop criteria and requirements that any AAI for b2c e-commerce has to fulfil and finally evaluate the proposals against the developed criteria. Candidates for evaluation are Kerberos, SESAME, PERMIS, AKENTI, Microsoft Passport, Shibboleth and the Liberty Framework.