On the effects of authentication and authorisation infrastructures on e-commerce activities

Authentication and Authorisation Infrastructures (AAIs) support service providers on the Internet in outsourcing security services. AAIs influence and change the process of e-commerce transactions at multiple points. These changes affect users, service providers, and provider federations alike. This work analyses the alterations implied by an AAI, comparing various AAI paradigms with traditional service provision. The effects explored comprise new functionalities, influenced trust relationships, risk management, economic factors, and user privacy. Compared to traditional service provision on the Internet, AAI usage is generally advantageous for all involved parties. However, the allocation of services and the AAI architecture have a direct impact on the benefits and risks. This work enables vendors and clients to assess security infrastructures and decide on their usage.
