A reference model for Authentication and Authorisation Infrastructures respecting privacy and flexibility in b2c eCommerce

First International Conference on Availability, Reliability and Security (ARES'06) Pub Date : 2006-04-20 DOI:10.1109/ARES.2006.13

Christian Schläger, Thomas Nowey, J. A. Montenegro

{"title":"A reference model for Authentication and Authorisation Infrastructures respecting privacy and flexibility in b2c eCommerce","authors":"Christian Schläger, Thomas Nowey, J. A. Montenegro","doi":"10.1109/ARES.2006.13","DOIUrl":null,"url":null,"abstract":"Authentication and Authorisation Infrastructures (AAIs) are gaining momentum throughout the Internet. Solutions have been proposed for various scenarios among them academia, grid computing, company networks, and above all eCommerce applications. Products and concepts vary in architecture, security features, target group, and usability containing different strengths and weaknesses. In addition security needs have changed in communication and business processes. Security on the Internet is no longer defined as only security measures for an eCommerce provider against an untrustworthy customer but also vice versa. Consequently, privacy, data canniness, and security are demands in this area. The authors define criteria for an eCommerce provider federation using an AAI with a maximum of privacy and flexibility. The criteria is derived concentrating on b2c eCommerce applications fulfilling the demands. In addition to best practices found, XACML policies and an attribute infrastructure are deployed. Among the evaluated AAIs are Shibboleth, Microsoft Passport, the Liberty Alliance Framework, and PERMIS.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"First International Conference on Availability, Reliability and Security (ARES'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2006.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

Abstract

Authentication and Authorisation Infrastructures (AAIs) are gaining momentum throughout the Internet. Solutions have been proposed for various scenarios among them academia, grid computing, company networks, and above all eCommerce applications. Products and concepts vary in architecture, security features, target group, and usability containing different strengths and weaknesses. In addition security needs have changed in communication and business processes. Security on the Internet is no longer defined as only security measures for an eCommerce provider against an untrustworthy customer but also vice versa. Consequently, privacy, data canniness, and security are demands in this area. The authors define criteria for an eCommerce provider federation using an AAI with a maximum of privacy and flexibility. The criteria is derived concentrating on b2c eCommerce applications fulfilling the demands. In addition to best practices found, XACML policies and an attribute infrastructure are deployed. Among the evaluated AAIs are Shibboleth, Microsoft Passport, the Liberty Alliance Framework, and PERMIS.

查看原文本刊更多论文

关于b2c电子商务中隐私和灵活性的身份验证和授权基础设施的参考模型

身份验证和授权基础设施(aai)在整个互联网中获得了发展势头。已经为各种场景提出了解决方案，其中包括学术界、网格计算、公司网络以及最重要的电子商务应用程序。产品和概念在体系结构、安全特性、目标群体和可用性方面各不相同，包含不同的优缺点。此外，通信和业务流程中的安全需求也发生了变化。互联网上的安全不再仅仅定义为电子商务提供商针对不可信客户的安全措施，反之亦然。因此，隐私、数据谨慎性和安全性是这一领域的需求。作者定义了使用具有最大隐私性和灵活性的AAI的电子商务提供商联盟的标准。该标准集中于满足需求的b2c电子商务应用程序。除了找到的最佳实践之外，还部署了XACML策略和属性基础结构。被评估的人工智能包括Shibboleth、Microsoft Passport、Liberty Alliance Framework和PERMIS。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

First International Conference on Availability, Reliability and Security (ARES'06)

自引率

0.00%

发文量