电子商务应用程序的分散授权机制

Proceedings. 13th International Workshop on Database and Expert Systems Applications Pub Date : 2002-09-02 DOI:10.1109/DEXA.2002.1045938

Z. Miklós

{"title":"电子商务应用程序的分散授权机制","authors":"Z. Miklós","doi":"10.1109/DEXA.2002.1045938","DOIUrl":null,"url":null,"abstract":"E-business applications need robust and powerful mechanisms to authorize security-critical actions. These actions can be very complex, since they can be initiated not only by human users but also by applications or software agents. Existing authorization mechanisms do not scale for large number of users if the trust relations are dynamic and fail to provide reliable authorization among strangers. Our mechanism uses authorization relevant attributes to define the policy. The attributes are assigned to principals in a decentralized manner. We also present a method to reduce the financial losses which may arise if the authorization mechanism fails. We conclude the paper with our plans for future research.","PeriodicalId":254550,"journal":{"name":"Proceedings. 13th International Workshop on Database and Expert Systems Applications","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A decentralized authorization mechanism for e-business applications\",\"authors\":\"Z. Miklós\",\"doi\":\"10.1109/DEXA.2002.1045938\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"E-business applications need robust and powerful mechanisms to authorize security-critical actions. These actions can be very complex, since they can be initiated not only by human users but also by applications or software agents. Existing authorization mechanisms do not scale for large number of users if the trust relations are dynamic and fail to provide reliable authorization among strangers. Our mechanism uses authorization relevant attributes to define the policy. The attributes are assigned to principals in a decentralized manner. We also present a method to reduce the financial losses which may arise if the authorization mechanism fails. We conclude the paper with our plans for future research.\",\"PeriodicalId\":254550,\"journal\":{\"name\":\"Proceedings. 13th International Workshop on Database and Expert Systems Applications\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2002-09-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 13th International Workshop on Database and Expert Systems Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DEXA.2002.1045938\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 13th International Workshop on Database and Expert Systems Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DEXA.2002.1045938","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

电子商务应用程序需要健壮而强大的机制来授权对安全至关重要的操作。这些操作可能非常复杂，因为它们不仅可以由人类用户发起，还可以由应用程序或软件代理发起。如果信任关系是动态的，现有的授权机制无法在大量用户中扩展，并且无法在陌生人之间提供可靠的授权。我们的机制使用授权相关属性来定义策略。属性以分散的方式分配给主体。我们还提出了一种方法来减少由于授权机制失败而可能产生的财务损失。最后，我们提出了未来研究的计划。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A decentralized authorization mechanism for e-business applications

E-business applications need robust and powerful mechanisms to authorize security-critical actions. These actions can be very complex, since they can be initiated not only by human users but also by applications or software agents. Existing authorization mechanisms do not scale for large number of users if the trust relations are dynamic and fail to provide reliable authorization among strangers. Our mechanism uses authorization relevant attributes to define the policy. The attributes are assigned to principals in a decentralized manner. We also present a method to reduce the financial losses which may arise if the authorization mechanism fails. We conclude the paper with our plans for future research.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings. 13th International Workshop on Database and Expert Systems Applications

自引率

0.00%

发文量