Abstract
Past generations of access control models fail to meet the needs of many applications, such as business-to-business (B2B) applications and auctions. This paper describes several access control models that have recently been proposed to address these emerging needs, including models that are policy-neutral and flexible, in that they permit enforcement of multiple policies on the same server, and models that incorporate richer semantics for access control, such as provisions and obligations.
This work was partially supported by the National Science Foundation under grants CCR-0113515 and IIS-0242237.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jajodia, S., Wijesekera, D. (2004). A Flexible Authorization Framework for E-Commerce. In: Ghosh, R.K., Mohanty, H. (eds) Distributed Computing and Internet Technology. ICDCIT 2004. Lecture Notes in Computer Science, vol 3347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30555-2_39
DOI: https://doi.org/10.1007/978-3-540-30555-2_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24075-4
Online ISBN: 978-3-540-30555-2
eBook Packages: Computer Science (R0)