Security over the Internet depends on a clear distinction between authorized and un-authorized principals. Discriminating between the two involves: identification (user identifies himself/herself), authentication (the system validates the user’s identity) and authorization (specific rights granted). Thus, it is important to develop specifications for access control that realize the above properties with ease. Public Key Infrastructures (PKIs) provide a basis for specifying access-control to the users in a secure and non-reputable fashion. Some of the general deficiencies of PKIs are: (i) they are rigid and cannot scale across different PKI frameworks, (ii) due to efficiency reasons, PKIs are constrained to be just static data-structures shipped across domains and hence cannot carry any dynamic or state-based information, and (iii) for reasons of (ii) the recipients are not explicitly defined. In this paper, we shall argue that a judicious mix of digital certificates and authentication mechanisms would lead to a flexible security policy specification having both static and dynamic capabilities and lead to user-friendly mechanisms to achieve availability of secure services in e-commerce.
[1]
Jonathan S. Shapiro,et al.
Paradigm Regained: Abstraction Mechanisms for Access Control
,
2003,
ASIAN.
[2]
Joan Feigenbaum,et al.
The KeyNote Trust-Management System Version 2
,
1999,
RFC.
[3]
Ronald L. Rivest,et al.
Certificate Chain Discovery in SPKI/SDSI
,
2002,
J. Comput. Secur..
[4]
Ronald L. Rivest,et al.
SDSI - A Simple Distributed Security Infrastructure
,
1996
.
[5]
Stefan A. Brands,et al.
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
,
2000
.
[6]
W. Ford,et al.
Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption
,
2000
.
[7]
Joan Feigenbaum,et al.
Compliance Checking in the PolicyMaker Trust Management System
,
1998,
Financial Cryptography.
[8]
Mark S. Miller,et al.
Capability-Based Financial Instruments
,
2000,
Financial Cryptography.