Abstract
One reason for the failure of PKI in b2c e-commerce may be that too much effort was put into entity authentication. In many applications it is not necessary to know who an entity actually is, only to be sure that he or she possesses the proper rights to perform the desired action. This is exactly the purpose of Authentication and Authorisation Infrastructures (AAIs). Today several proposals and running AAIs are available, each focusing on different aspects. The purpose of this paper is firstly to introduce common representatives and discuss their focus, secondly to develop criteria and requirements that any AAI for b2c e-commerce has to fulfil, and finally to evaluate the proposals against the developed criteria. The candidates evaluated are Kerberos, SESAME, PERMIS, AKENTI, Microsoft Passport, Shibboleth and the Liberty Framework.
© 2005 Springer-Verlag Berlin Heidelberg
Schlaeger, C., Pernul, G. (2005). Authentication and Authorisation Infrastructures in b2c e-Commerce. In: Bauknecht, K., Pröll, B., Werthner, H. (eds) E-Commerce and Web Technologies. EC-Web 2005. Lecture Notes in Computer Science, vol 3590. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11545163_31
DOI: https://doi.org/10.1007/11545163_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28467-3
Online ISBN: 978-3-540-31736-4