Abstract
This paper addresses the problem of inter-enterprise transaction authorization, as required when an employee of one organization commissions work from another organization. On receiving an order from another organization, a company wants to be sure that the sender is actually entitled to place that order within his or her own organization. The MIERA scheme can be used for both intra- and inter-enterprise authorization and bases its decisions on roles. We define an authorization tree for a transaction type that determines which combinations of roles can authorize such transactions. This tree allows the order-receiving organization to verify whether the order-sending employee was properly authorized.
Simon Kramer stayed with the IBM Zurich Research Laboratory as a summer student for the MIERA project from August to October of 1999.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ludwig, H., O’Connor, L., Kramer, S. (2000). MIERA: Method for Inter-Enterprise Role-Based Authorization. In: Bauknecht, K., Madria, S.K., Pernul, G. (eds) Electronic Commerce and Web Technologies. EC-Web 2000. Lecture Notes in Computer Science, vol 1875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44463-7_12
DOI: https://doi.org/10.1007/3-540-44463-7_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67981-3
Online ISBN: 978-3-540-44463-3
eBook Packages: Springer Book Archive