MIERA: A Method for Inter-Enterprise Role-Based Authorization

Large-scale deployment of e-commerce solutions between various enterprises over public networks requires careful consideration of security issues. In this paper we address the particular problem of inter-enterprise authorization, as would be required if, for example, a business process spans several organizations and data is passed among enterprises during the execution of the process. We propose the MIERA scheme for authorization, which can be used for both intra- and inter-enterprise authorization. MIERA makes authorization decisions based on roles, which are represented by anonymous role certificates. We also define an authorization tree A(T) for a transaction of type T that determines what combination of roles can authorize transactions of type T. In the case of inter-enterprise authorization, we can use a hashed version of A(T) to reduce space requirements and also to obscure the decision procedure information in A(T), while still permitting transactions of type T to be authorized.

By: Heiko Ludwig, Luke O'Connor and Simon Kramer

Published in: Electronic Commerce and Web Technologies, ed. by K. Bauknecht, S.K. Madria and G. Pernul, Berlin, Springer-Verlag, p. 133-44, 2000

Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.