E-commerce regulations are usually embedded in mutually agreed upon contracts. Generally, these contracts enumerate the agents authorized to participate in transactions, and spell out such things as the rights and obligations of each partner and the terms and conditions of the trade. An enterprise may be concurrently bound by a set of different contracts that regulate its trading relations with its various clients and suppliers. This set is dynamic because new contracts are constantly being established, and previously established contracts end, are annulled, or are revised.

We argue that existing access control mechanisms cannot adequately support the large number of regulations embedded in disparate, evolving contracts. To deal with this problem we propose to use certified policies. A certified policy (CP) is obtained by expressing the contract terms regarding access and control regulations in a formal, interpretable language, and by having them digitally signed by a proper authority. In this framework, an agent making a request to a server presents such a CP to the server, together with other relevant credentials. A valid certified policy can then be used as the authorization policy for the request in question.

It is the thesis of this article that this approach would make several aspects of contract enforcement more manageable and more efficient: (a) deployment: certified policies may be stored in certificate repositories, from where they can be retrieved as needed; (b) annulment: if a contract is annulled, the corresponding CP should be invalidated, which can be conveniently supported by certificate revocation; and (c) revision: contract terms can be revised by publishing a new certified policy and revoking the old one.

The proposed approach is practical in that it does not require any modification of the current certificate infrastructure and only minor modifications to servers. In this article, we propose a language for stating contract terms and present several formal examples of certified policies. We describe the implementation of the enforcement mechanism and present experimental performance results.
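The following is an added example, not code from the article or its authors, that walks through the certified-policy flow the abstract describes: an authority signs contract terms expressed in a small rule language, an agent presents the CP with its credentials, and the server validates the CP (signature, revocation status, validity period) before using it as the authorization policy. The revision step is shown as "publish a new CP, revoke the old serial". The rule language, field names, serial numbers, contract contents and agent names are all constructed for the demo; the signature is an HMAC stand-in so the example runs with the standard library alone, whereas a real deployment would use an asymmetric signature verified with the authority's public key.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed stand-in for the authority's signing key. The article's scheme uses a
# digital signature by a proper authority; an HMAC is used here only so the example
# runs offline with the standard library (a server then needs the same key, which an
# asymmetric signature would avoid).
AUTHORITY_KEY = b"demo-authority-key-not-a-real-secret"


def _canonical(policy: dict) -> bytes:
    """Canonical JSON so the signer and the verifier hash identical bytes."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()


def issue_cp(policy: dict, key: bytes = AUTHORITY_KEY) -> dict:
    """Authority side: turn formal contract terms into a certified policy."""
    sig = hmac.new(key, _canonical(policy), hashlib.sha256).hexdigest()
    return {"policy": policy, "sig": sig}


def validate_cp(cp: dict, revoked: set, now: int, key: bytes = AUTHORITY_KEY) -> Optional[str]:
    """Server side: None if the CP may serve as an authorization policy, else the reason."""
    policy = cp.get("policy", {})
    expected = hmac.new(key, _canonical(policy), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cp.get("sig", "")):
        return "bad signature"          # tampered terms or not issued by the authority
    if policy.get("serial") in revoked:
        return "revoked"                # annulled or superseded contract
    if not policy.get("not_before", 0) <= now < policy.get("not_after", 0):
        return "outside validity period"
    return None


def authorize(cp: dict, credentials: dict, request: dict, revoked: set, now: int) -> Tuple[bool, str]:
    """Validate the presented CP, then evaluate its rules against credentials and request."""
    reason = validate_cp(cp, revoked, now)
    if reason:
        return False, f"policy rejected: {reason}"
    policy = cp["policy"]
    agent = credentials["agent"]
    if agent != request["agent"]:
        return False, "credential does not match requester"
    if agent not in policy["parties"]:
        return False, "agent is not a party to this contract"
    for rule in policy["rules"]:
        if rule["role"] in credentials["roles"] and rule["action"] == request["action"]:
            if request.get("amount", 0) <= rule.get("max_amount", float("inf")):
                return True, f"allowed by rule {rule['role']}/{rule['action']}"
    return False, "no matching rule"


# Constructed contract: agent "acme" may place orders with "supplyco" up to 10,000.
CONTRACT_V1 = {
    "serial": "CP-DEMO-0001",
    "parties": ["acme", "supplyco"],
    "not_before": 1_000,
    "not_after": 2_000,
    "rules": [{"role": "buyer", "action": "order", "max_amount": 10_000}],
}
# Revised terms: same parties, higher limit, new serial (constructed).
CONTRACT_V2 = dict(CONTRACT_V1, serial="CP-DEMO-0002",
                   rules=[{"role": "buyer", "action": "order", "max_amount": 25_000}])

ACME_CREDENTIALS = {"agent": "acme", "roles": ["buyer"]}


def order(amount: int) -> dict:
    return {"agent": "acme", "action": "order", "amount": amount}


def demo() -> dict:
    """Run the deployment / tampering / annulment / revision scenarios."""
    revoked: set = set()
    now = 1_500
    cp1 = issue_cp(CONTRACT_V1)
    results = {
        "v1_ok": authorize(cp1, ACME_CREDENTIALS, order(5_000), revoked, now),
        "v1_too_large": authorize(cp1, ACME_CREDENTIALS, order(20_000), revoked, now),
    }
    # Tampering: the requester edits the signed terms but reuses the old signature.
    forged_terms = dict(CONTRACT_V1, rules=[{"role": "buyer", "action": "order", "max_amount": 10**9}])
    results["forged"] = authorize({"policy": forged_terms, "sig": cp1["sig"]},
                                  ACME_CREDENTIALS, order(20_000), revoked, now)
    # Revision: the authority publishes CP v2 and revokes v1's serial.
    cp2 = issue_cp(CONTRACT_V2)
    revoked.add(CONTRACT_V1["serial"])
    results["v1_after_revocation"] = authorize(cp1, ACME_CREDENTIALS, order(5_000), revoked, now)
    results["v2_ok"] = authorize(cp2, ACME_CREDENTIALS, order(20_000), revoked, now)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The order of checks in `validate_cp` matters: the signature is verified before any field of the policy is trusted, so a forged serial or validity window cannot steer the revocation or expiry checks. Revocation is keyed on the CP's serial, which is what lets the revision step invalidate the old terms without touching the server's code.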