Communications of the ACM
Communications of the ACM
World Wide Web Journal - Special issue on XML: principles, tools, and techniques
The multipolicy paradigm for trusted systems
NSPW '92-93 Proceedings on the 1992-1993 workshop on New security paradigms
Secure Books: Protecting the Distribution of Knowledge
Proceedings of the 5th International Workshop on Security Protocols
Jikzi: A New Framework for Secure Publishing
Proceedings of the 7th International Workshop on Security Protocols
The eternal resource locator: an alternative means of establishing trust on the world wide web
WOEC'98 Proceedings of the 3rd conference on USENIX Workshop on Electronic Commerce - Volume 3
A security policy model for clinical information systems
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
A practical and robust inter-domain marking scheme for IP traceback
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.24 |
In this paper, we will describe a thread of research, which we have followed off and on at Cambridge for about three years. Our topic is the security of electronic documents, in the broad sense: how can we be sure of the authenticity of things that are published electronically? This started off as a relatively small project, which we thought would take only a few weeks. The goal was to help our medical informatics department publish information such as drug formularies and treatment protocols on the hospital LAN or PC diskettes, in an appropriately dependable way. It rapidly became clear that the problem was much larger and more complex; a general solution would not only cope with 'content' - text, audio, video, software, whatever - but also with objects such as public key certificates. If done properly, it would give us a systematic way to deal with security policy on the web. Our goal now is to let people build integrated publishing and e-commerce services using simple, uniform and appropriate mechanisms. Our proposed solution is a single transparent markup language that allows us to support multiple security policies, plus supporting material ranging from a test implementation to an authentication logic.