In large-scale networked information systems (e.g. the World-Wide Web), the community of subjects who may make requests to a service provider such as a digital library will often extend beyond the local community to include individuals about whom little prior knowledge, if any, exists at the provider. This poses challenges for resource protection which do not exist in traditional computing environments. This paper presents a formal framework for secure access to information and services in such systems, where both the size of the user base and a variety of local enterprise-dependent representations of user attributes must be considered. In our framework, an individual supplies digital credentials akin to traditional paper credentials with a request for service. To decide whether to grant the request, the recipient interprets the credentials using knowledge about the credential issuers (more precisely, of what conditions must hold for the issuers to have issued the credentials) rather than, or in addition to, specific knowledge about the requester. Our formalism for access control also provides a basis for security-oriented smart yellow pages facilities, which are directory services that manage queryable registries of information about service providers and their requirements.