Title :
Authorization methods for e-commerce applications
Author_Institution :
FSUIT, Berne
Abstract :
In the recent past, a lot of work has been done in establishing public key infrastructures (PKIs) for electronic commerce (e-commerce) applications Unfortunately, most of these PKIs can only be used to authenticate the participants of e-commerce applications; they can´t be used to properly authorize the participants and to control access to system resources accordingly. Consequently, these PKIs address only half of the problem with regard to e-commerce applications and some complementary technologies are required to address the authorization problem as well. We elaborate on such technologies and corresponding authorization methods for e-commerce applications. In particular we address certificate based authorization, the use of attribute and SDSI/SPKI certificates, as well as the use of databases. We conclude with the insight that there is no single best authorization method, and that different e-commerce applications may require different authorization methods
Keywords :
Internet; authorisation; certification; electronic commerce; message authentication; public key cryptography; PKIs; SDSI/SPKI certificates; authorization methods; authorization problem; certificate based authorization; complementary technologies; databases; e-commerce applications; electronic commerce; public key infrastructures; system resources; Authorization; Decision support systems;
Conference_Titel :
Reliable Distributed Systems, 1999. Proceedings of the 18th IEEE Symposium on
Conference_Location :
Lausanne
Print_ISBN :
0-7695-0290-3
DOI :
10.1109/RELDIS.1999.805125
