Abstract
Authentication and authorisation have long been basic and necessary services for internet transactions. With the evolution of e-commerce, traditional mechanisms for data security and access control are becoming outdated. Several new standards have emerged which allow dynamic access control based on the exchange of user attributes. Providing highly secure and flexible access mechanisms is a very demanding task, yet it cannot be considered a core competency of most e-commerce corporations. Hence a need arises to outsource such services, or at least to share them with other entities. Authentication and Authorisation Infrastructures (AAIs) can provide such integrated federations of security services. In particular, they can provide attribute-based access control (ABAC) mechanisms and mediate between customers' demand for privacy and vendors' need for information. We propose an AAI reference model that includes ABAC functionality based on the XACML standard and on lessons learned from various existing AAIs. The AAIs analysed are AKENTI, CARDEA, CAS, GridShib, Liberty ID-FF, Microsoft .NET Passport, PAPI, PERMIS, Shibboleth and VOMS.
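The abstract refers to XACML-style attribute-based access control and to the tension between a customer's privacy and a vendor's need for information. The following Python is an added illustration of both points; it is not code from the paper or from any of the AAIs it surveys. It mirrors the XACML policy structure (a target, rules with conditions and an effect, a rule-combining algorithm) in a simplified form, and derives from the policy the exact attribute set an identity provider needs to release. The policy, attribute names and sample subjects are constructed for the example.

```python
"""Minimal XACML-style ABAC decision engine with minimal attribute release.

Added illustration, not code from the paper or the surveyed AAIs. Rule
combining is a simplified form of XACML's deny-overrides/permit-overrides.
All attribute names, the policy and the sample subjects are constructed.
"""
import operator
from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple

Attrs = Dict[str, Any]

@dataclass
class Request:
    """Attributes in the four XACML categories."""
    subject: Attrs
    resource: Attrs
    action: Attrs
    environment: Attrs = field(default_factory=dict)

# A match is (category, attribute-id, operator, literal), e.g. ("subject", "age", ">=", 18).
# Declarative matches let the engine evaluate them *and* report which attributes a
# policy consults, which is what drives minimal disclosure below.
Match = Tuple[str, str, str, Any]

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge, "<=": operator.le,
       "in": lambda have, want: have in want}

@dataclass
class Rule:
    rule_id: str
    effect: str               # "Permit" or "Deny"
    conditions: List[Match]   # all must hold (logical AND)

@dataclass
class Policy:
    policy_id: str
    target: List[Match]       # which requests this policy applies to
    rules: List[Rule]
    combining: str = "deny-overrides"

def matches(req: Request, conds: List[Match]) -> bool:
    """True only if every match holds; a missing attribute raises KeyError."""
    return all(OPS[op](getattr(req, cat)[attr], value) for cat, attr, op, value in conds)

def evaluate_rule(rule: Rule, req: Request) -> str:
    try:
        return rule.effect if matches(req, rule.conditions) else "NotApplicable"
    except (KeyError, TypeError):
        # Missing or ill-typed attribute: XACML reports Indeterminate rather than
        # silently treating the rule as not applicable.
        return "Indeterminate"

def evaluate_policy(policy: Policy, req: Request) -> str:
    try:
        if not matches(req, policy.target):
            return "NotApplicable"
    except (KeyError, TypeError):
        return "Indeterminate"
    results = [evaluate_rule(r, req) for r in policy.rules]
    # deny-overrides: any Deny wins; permit-overrides: any Permit wins. Indeterminate is
    # handled conservatively: it blocks the non-dominating effect from being returned.
    win, lose = ("Deny", "Permit") if policy.combining == "deny-overrides" else ("Permit", "Deny")
    if win in results:
        return win
    if "Indeterminate" in results:
        return "Indeterminate"
    return lose if lose in results else "NotApplicable"

def required_attributes(policy: Policy) -> Dict[str, set]:
    """Attributes the policy can ever consult, per category: the vendor's need for
    information. An identity provider can restrict attribute release to this set."""
    need: Dict[str, set] = {}
    for cat, attr, _, _ in policy.target + [c for r in policy.rules for c in r.conditions]:
        need.setdefault(cat, set()).add(attr)
    return need

def release(user_attrs: Attrs, policy: Policy) -> Attrs:
    """Minimal-disclosure release of subject attributes: drop everything not needed."""
    wanted = required_attributes(policy).get("subject", set())
    return {k: v for k, v in user_attrs.items() if k in wanted}

# Constructed sample policy: a shop selling age-restricted goods.
SHOP_POLICY = Policy(
    policy_id="age-restricted-checkout",
    target=[("resource", "category", "==", "age-restricted"), ("action", "id", "==", "purchase")],
    rules=[
        Rule("deny-minors", "Deny", [("subject", "age", "<=", 17)]),
        Rule("deny-embargoed", "Deny", [("subject", "country", "in", {"XX"})]),
        Rule("permit-verified-adults", "Permit",
             [("subject", "age", ">=", 18), ("subject", "verified", "==", True)]),
    ],
)

def decide(subject: Attrs, resource_category: str = "age-restricted") -> str:
    """Run a purchase request under SHOP_POLICY, releasing only needed subject attributes."""
    req = Request(subject=release(subject, SHOP_POLICY),
                  resource={"category": resource_category}, action={"id": "purchase"})
    return evaluate_policy(SHOP_POLICY, req)

if __name__ == "__main__":
    alice = {"name": "alice", "age": 34, "country": "DE", "verified": True, "email": "a@example.org"}
    print(required_attributes(SHOP_POLICY)["subject"])       # name and email are never released
    print(decide(alice), decide({"age": 16, "country": "DE", "verified": True}))
    print(decide({"age": 40, "country": "DE"}))              # 'verified' missing -> Indeterminate
```

Two properties of the engine are worth noting: an attribute the policy never consults is never sent to the vendor, and a missing attribute yields Indeterminate rather than a Permit, so an identity provider that withholds too much fails closed.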
References
Alfieri, R., Cecchini, R., Ciaschini, V., dell’Agnello, L., Frohner, Á., Gianoli, A., Lörentey, K., Spataro, F.: VOMS, an Authorization System for Virtual Organizations. In: Fernández Rivera, F., Bubak, M., Gómez Tato, A., Doallo, R. (eds.) Across Grids 2003. LNCS, vol. 2970, pp. 33–40. Springer, Heidelberg (2004)
Busch, S., Muschall, B., Pernul, G., Priebe, T.: Authrule: A Generic Rule-Based Authorization Module. In: Damiani, E., Liu, P. (eds.) Data and Applications Security 2006. LNCS, vol. 4127, pp. 267–281. Springer, Heidelberg (2006)
Cantor, S., Kemp, J.: Liberty ID-FF Protocols and Schema Specification (2003), http://www.projectliberty.org/specs/liberty-idff-protocols-schema-v1.2.pdf
Cantor, S.: Shibboleth Architecture, Protocols and Profiles, Working Draft 05, November 23 (2004), http://shibboleth.internet2.edu/docs/draft-mace-shibboleth-arch-protocols-05.pdf
Castro-Rojo, R., Lopez, D.R.: The PAPI system: point of access to providers of information. Computer Networks 37(6), 703–710 (2001)
Chadwick, D.W., Otenko, A.: The PERMIS X.509 role based privilege management infrastructure. Future Generation Comp. Syst. 19(2), 277–289 (2003)
Katsikas, S.K., Lopez, J., Pernul, G.: Trust, Privacy and Security in E-business: Requirements and Solutions. In: Bozanis, P., Houstis, E.N. (eds.) PCI 2005. LNCS, vol. 3746, pp. 548–558. Springer, Heidelberg (2005)
Lepro, R.: Cardea: Dynamic Access Control in Distributed Systems. NAS Technical Report NAS-03-020, 1-13 (2003)
Lopez, J., Oppliger, R., Pernul, G.: Authentication and Authorization Infrastructures (AAIs): A Comparative Survey. Computers & Security 23(7), 578–590 (2004)
Microsoft: Microsoft.NET Passport Review Guide (2003), www.microsoft.com/net/services/passport/review_guide.asp
OASIS Security Services Technical Committee: Security Assertion Markup Language (SAML) (2005), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
OASIS eXtensible Access Control Markup Language Technical Committee: eXtensible Access Control Markup Language (XACML) (2005), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Pearlman, L., Kesselman, C., Welch, V., Foster, I., Tuecke, S.: The Community Authorization Service: Status and Future. In: 2003 Conference for Computing in High Energy and Nuclear Physics (2003)
Priebe, T., Dobmeier, W., Kamprath, N.: Supporting Attribute-based Access Control with Ontologies. In: 1st International Conference on Availability, Reliability and Security (2006)
Schlaeger, C., Pernul, G.: Authentication and Authorisation Infrastructures in b2c e-commerce. In: Bauknecht, K., Pröll, B., Werthner, H. (eds.) EC-Web 2005. LNCS, vol. 3590, pp. 306–315. Springer, Heidelberg (2005)
Schläger, C., Nowey, T.: Towards a Risk Management Perspective on AAIs. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds.) TrustBus 2006. LNCS, vol. 4083, pp. 41–50. Springer, Heidelberg (2006)
Thompson, M., Essiari, A., Mudumbai, S.: Certificate-based Authorization Policy in a PKI Environment. ACM Transactions on Information and System Security 6(4), 566–588 (2003)
Welch, V., Barton, T., Keahey, K., Siebenlist, F.: Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration. In: 4th Annual PKI R&D Workshop (2005)
Yuan, E., Tong, J.: Attribute Based Access Control (ABAC) for Web Services. In: International Conference on Web Services 2005, pp. 561–569 (2005)
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schläger, C., Sojer, M., Muschall, B., Pernul, G. (2006). Attribute-Based Authentication and Authorisation Infrastructures for E-Commerce Providers. In: Bauknecht, K., Pröll, B., Werthner, H. (eds) E-Commerce and Web Technologies. EC-Web 2006. Lecture Notes in Computer Science, vol 4082. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11823865_14
DOI: https://doi.org/10.1007/11823865_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37743-6
Online ISBN: 978-3-540-37745-0
eBook Packages: Computer Science (R0)