Secure electronic commerce: building the infrastructure for digital signatures and encryption
Secure electronic commerce: building the infrastructure for digital signatures and encryption
Security technologies for the World Wide Web
Security technologies for the World Wide Web
Internet and Intranet Security
Internet and Intranet Security
Authentication Systems for Secure Networks
Authentication Systems for Secure Networks
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
In the recent past, a lot of work has been done in establishing public key infrastructures (PKIs) for electronic commerce (e-commerce) applications. Unfortunately, most of these PKIs can onlybe used to authenticate the participants of e-commerce applications: they can't be used to properly authorize the participants and to control access to system resources accordingly. Consequently, these PKIs address only half of the problem with regard to e-commerce applications, and some complementary technologies are required to address the authorization problem, as well. In this paper, we elaborate on such technologies and corresponding authorization methods for e-commerce applications. In particular, we address certificate-based authorization, the use of attribute and SDSI/spki certificates, as well as the use of databases. We conclude with the insight that there is no single best authorization method, and that different e-commerce applications may require different authorization methods.