Attribute-Based Authentication and Authorisation Infrastructures for E-Commerce Providers

  • Conference paper
E-Commerce and Web Technologies (EC-Web 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4082)

Abstract

Authentication and authorisation have been basic and necessary services for internet transactions. With the evolution of e-commerce, traditional mechanisms for data security and access control are becoming outdated. Several new standards have emerged which allow dynamic access control based on exchanging user attributes. Unfortunately, while providing highly secure and flexible access mechanisms is a very demanding task, it cannot be considered a core competency for most e-commerce corporations. Therefore, a need arises to outsource, or at least share, such services with other entities. Authentication and Authorisation Infrastructures (AAIs) can provide such integrated federations of security services. They could, in particular, provide attribute-based access control (ABAC) mechanisms and mediate between customers' demand for privacy and vendors' need for information. We propose an AAI reference model that includes ABAC functionality based on the XACML standard and on lessons learned from various existing AAIs. The AAIs analysed are AKENTI, CARDEA, CAS, GridShib, Liberty ID-FF, Microsoft .NET Passport, PAPI, PERMIS, Shibboleth and VOMS.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schläger, C., Sojer, M., Muschall, B., Pernul, G. (2006). Attribute-Based Authentication and Authorisation Infrastructures for E-Commerce Providers. In: Bauknecht, K., Pröll, B., Werthner, H. (eds) E-Commerce and Web Technologies. EC-Web 2006. Lecture Notes in Computer Science, vol 4082. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11823865_14

  • DOI: https://doi.org/10.1007/11823865_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37743-6

  • Online ISBN: 978-3-540-37745-0

  • eBook Packages: Computer Science (R0)