Instance-level access control for business-to-business electronic commerce

IBM Systems Journal

Volumn 41, Issue 2, 2002, Pages 303-317

  Goodwin, Richard ^a   Goh, SweeFen ^a   Wu, Frederick Y ^a  

^a IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL METHODS; ELECTRONIC MAIL; JAVA PROGRAMMING LANGUAGE; WEBSITES;

ELECTRONIC MARKETPLACES;

ELECTRONIC COMMERCE;

EID: 0036994798     PISSN: 00188670     EISSN: None     Source Type: Journal    
DOI: 10.1147/sj.412.0303     Document Type: Article

References (16)

1. C. Bussler, "Policy Resolution in Workflow Management Systems," Digital Technical Journal 6, No. 4 (Fall 1994).
2. R. C. Summers, Secure Computing, McGraw-Hill, New York (1997).
3. B. W. Lampson, "Protection," Proceedings, 5th Annual Princeton Conference on Information Sciences and Systems, Princeton, NJ (March 25-26, 1971), pp. 437-443. Reprinted in Operating Systems Review 8, No. 1, 18-24 (January 1974).
4. B. W. Lampson, "Protection," Proceedings, 5th Annual Princeton Conference on Information Sciences and Systems, Princeton, NJ (March 25-26, 1971), pp. 437-443. Reprinted in Operating Systems Review 8, No. 1, 18-24 (January 1974).
5. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Role-Based Access Control Models," IEEE Computer 29, No. 2, 38-47 (February 1996).
6. J. Barkley and A. Cincotta, "Managing Role/Permission Relationships Using Object Access Types," Proceedings, 3rd ACM Workshop on Role-Based Access Control, Fairfax, VA (October 22-23, 1998), available at http://hissa.ncsl.nist.gov/rbac/rgperms/rgperms.htm.
7. L. Giuri and P. Iglio, "Role Templates for Content-Based Access Control," Proceedings, 2nd ACM Workshop on Role-Based Access Control, Fairfax, VA (October 28-29, 1999).
8. E. C. Cheng, "An Object-Oriented Organizational Model to Support Dynamic Role-Based Access Control in Electronic Commerce," Decision Support Systems 29, 357-369 (2000).
9. J. F. Barkley, A. V. Cincotta, D. F. Ferraiolo, S. Favrilla, and D. R. Kuhn, "Role-Based Access Control for the World Wide Web," Proceedings, 20th National Information Systems Security Conference, Baltimore, MD (October 1997); can be downloaded from http://hissa.ncsl.nist.gov/rbac/rbacweb/paper.ps.
10. S. Na and S. Cheon, "Role Delegation in Role-Based Access Control," Proceedings, 5th ACM Workshop on Role-Based Access Control, Berlin, Germany (July 26-28, 2000), pp. 39-44.
11. A. Lin and R. Brown, "The Application of Security Policy to Role-Based Access Control and the Common Data Security Architecture," Computer Communications 23, 1584-1593 (2000).
12. R. S. Sandhu, V. Bhamidipati, and Q. Munawer, "The ARBAC97 Model for Role-Based Administration of Roles," ACM Transactions on Information System Security 2, No. 1, 105-135 (February 1999).
13. This approach also does not require special treatment of administrative roles and the associated implementation machinery. See Reference 11 for an RBAC model that includes separate administrative roles.
14. B. S. Rubin, A. R. Christ, and K. A. Bohrer, "Java and the IBM San Francisco Project," IBM Systems Journal 37, No. 3, 365-371 (1998).
15. S. Bodoff, D. Green, E. Jendrock, M. Pawlan, and B. Stearns, The J2EE Tutorial, can be downloaded from http://java.sun.com/j2ee/tutorial/download.html/.
16. B. Shannon, Java 2 Platform, Enterprise Edition, Specification, v1.3, Proposed Final Draft 3 (March 30, 2001); available at http://java.sun.com/j2ee/j2ee-1_3-pfd3-spec.pdf.