Scalable Regulation of Inter-enterprise Electronic Commerce

In the current electronic-commerce literature, a commercial transaction is commonly viewed as an exchange between two autonomous principals operating under some kind of contract between them, which needs to be formalized and enforced. But the situation can be considerably more complex in the case of inter-enterprise (also called business-to-business, or B2B) commerce. The participants in a B2B transaction are generally not autonomous agents, since their commercial activities are subject to the policies of their respective enterprises. It is our thesis, therefore, that a B2B transaction should be viewed as being governed by three distinct policies: the two policies that regulate the activities of the two principals, while operating as representatives of their respective enterprises, and the policy that reflects the contract between the two enterprises. These policies are likely to be independently developed, and may be quite heterogeneous. Yet, they have to interoperate, and must all be brought to bear in regulating each B2B transaction. This paper presents a mechanism for formulating such interoperating policies, and for their scalable enforcement, thus providing for regulated inter-enterprise electronic commerce.
