Title :
A decentralized authorization mechanism for e-business applications
Author_Institution :
Distributed Syst. Group, Tech. Univ. of Vienna, Austria
Abstract :
E-business applications need robust and powerful mechanisms to authorize security-critical actions. These actions can be very complex, since they can be initiated not only by human users but also by applications or software agents. Existing authorization mechanisms do not scale for large number of users if the trust relations are dynamic and fail to provide reliable authorization among strangers. Our mechanism uses authorization relevant attributes to define the policy. The attributes are assigned to principals in a decentralized manner. We also present a method to reduce the financial losses which may arise if the authorization mechanism fails. We conclude the paper with our plans for future research.
Keywords :
authorisation; electronic commerce; decentralized authorization mechanism; e-business applications; financial losses; security-critical action authorization; software agents; trust relations; Access control; Application software; Authentication; Authorization; Contracts; Humans; Public key; Public key cryptography; Robustness; Software agents;
Conference_Titel :
Database and Expert Systems Applications, 2002. Proceedings. 13th International Workshop on
Print_ISBN :
0-7695-1668-8
DOI :
10.1109/DEXA.2002.1045938
