Authorization methods for e-commerce applications

Author

Oppliger, Rolf

Author_Institution

FSUIT, Berne

fYear

1999

fDate

1999

Firstpage

366

Lastpage

371

Abstract

In the recent past, a lot of work has been done in establishing public key infrastructures (PKIs) for electronic commerce (e-commerce) applications Unfortunately, most of these PKIs can only be used to authenticate the participants of e-commerce applications; they can´t be used to properly authorize the participants and to control access to system resources accordingly. Consequently, these PKIs address only half of the problem with regard to e-commerce applications and some complementary technologies are required to address the authorization problem as well. We elaborate on such technologies and corresponding authorization methods for e-commerce applications. In particular we address certificate based authorization, the use of attribute and SDSI/SPKI certificates, as well as the use of databases. We conclude with the insight that there is no single best authorization method, and that different e-commerce applications may require different authorization methods

Keywords

Internet; authorisation; certification; electronic commerce; message authentication; public key cryptography; PKIs; SDSI/SPKI certificates; authorization methods; authorization problem; certificate based authorization; complementary technologies; databases; e-commerce applications; electronic commerce; public key infrastructures; system resources; Authorization; Decision support systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Reliable Distributed Systems, 1999. Proceedings of the 18th IEEE Symposium on

Conference_Location

Lausanne

ISSN

1060-9857

Print_ISBN

0-7695-0290-3

Type

conf

DOI

10.1109/RELDIS.1999.805125

Filename

805125