On the effects of authentication and authorisation infrastructures on e-commerce environments

Computer Systems Science and Engineering

Volumn 22, Issue 5, 2007, Pages 267-278

  Schläger, Christian ^a   Nowey, Thomas ^a  

^a UNIVERSITY OF REGENSBURG   (Germany)

Author keywords

Authentication and authorisation infrastructures; E commerce; IT outsourcing; IT security; Risk assessment

Indexed keywords

AUTHENTICATION; DATA PRIVACY; ECONOMIC ANALYSIS; INTERNET; OUTSOURCING; RISK ASSESSMENT; RISK MANAGEMENT; USER INTERFACES;

AUTHORIZATION INFRASTRUCTURES; SECURITY INFRASTRUCTURES; SECURITY SERVICES;

ELECTRONIC COMMERCE;

EID: 38949174954     PISSN: 02676192     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (33)

1. Berinato, S. (2002). Finally, a Real Return on Security Spending. CIO Magazin, Feb. 2002.
2. Cantor, S. (2004). Shibboleth Architecture Protocols and Profiles Working Draft 05. Accessible at http://shibboleth.internet2.edu/docs/draft- mace-shibboleth-arch-protocols-02.pdf.
3. Castro-Rojo, R. and López, D. R. (2001). The PAPI system: point of access to providers of information. Computer Networks, 37(6) 703-710.
4. Cavusoglu, H., Mishra, B. and Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(7) 87-92.
5. Cremonini, M. and Martini, P. (2005). Evaluating Information Security Investments from Attackers Perspective: the Return-On-Attack (ROA). Proc. of the Fourth Workshop on the Economics of Information Security, Harvard, USA.
6. Federrath, H. (2005). Privacy Enhanced Technologies: Methods, Markets, Misuse. Proc. of the International Conference on Trust, Privacy & Security in Digital Business (TrustBus '05), Lecture Notes in Computer Science (LNCS), Vol. 3592, Copenhagen, Denmark, Springer.
7. Federrath, H., Köpseli, S. and Langos, H. (2002). Anonyme und unbeobachtbare Kommunikaton im Internet. Proc. of the 32. Jahrestagung der Gesellschaft für Informatik e.v., LNI 19, Dortmund, GI.
8. Feigenbaum, J. (1998). Towards an Infrastructure for Authorization -Position Paper. Proc. of the 3rd USENIX Workshop on Electronic Commerce - Invited Talks Supplement, Boston, Massachusetts, USA, USENIX.
9. Gefen, D., Rao, V. S. and Tractinsky, N. (2003). The Conceptualization of Trust, Risk and Their Relationship in Electronic Commerce: The Need for Clarifications. Proc. of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03), Kohala Coast, HI, USA, IEEE.
10. Jøsang, A. and Pope, S. (2005). User Centric Identity Management. Proc. of AusCERT Asia Pacific Information Technology Security Conference, Gold Coast.
11. Kilger, M., Arkin, O. and Stutzman, a. J. (2004) In Know Your Enemy: Learning about Security Threats(Ed, Project, T. H.) Addison-Wesley Professional, pp. 505-556.
12. Liberty Alliance (2004a). Liberty ID-FF Bindings and Profiles Specification. Accesible at http://www.projectliberty.org/liberty/content/ download/319/2369/file/draft-liberty-idff-bindings-profiles-1.2-errata-v2.0.pdf.
13. Liberty Alliance (2004b). Liberty ID-FF Protocols Schema Specification. Accesible at http://www.projectliberty.org/liberty/content/ download/2197/14625/file/draft-liberty-idff-protocols-schema1.2-errata-v3-0.pdf.
14. Lopez, J., Oppliger, R. and Pernul, G. (2004). Authentication and authorization infrastructures (AAIs): a comparative survey. Computers & Security, 23(7) 578-590.
15. McKnight, D. H. and Chervany, N. L. (2001). Conceptualizing Trust: A Typology and E-Commerce Customer Relationships Model. Proc. of the 34th Annual Hawaii International Conference on System Sciences ( HICSS'01), Kohala Coast, HI, USA, IEEE.
16. Microsoft Inc. (2003). Microsoft Passport Review Guide. Accesible at http://download.microsoft.com/download/a/f/4/af49b391-086e-4aa2-a84b- ef6d916b2f08/passport_reviewguide.doc.
17. National Bureau of Standards (1974). Guidelines for Automatic Data Processing, Physical Security and Risk Management, FIPS PUB 31. Accessible at http://www.governmentsecurity.org/articles/articles2/fips-31.pdf_fi/.
18. Nowey, T., Federrath, H., Klein, C. and Plößl, K. (2005). Ansätze zur Evaluierung von Sicherheitsinvestitionen. Proc. of the Annual "Sicherheit" Conference 2005, Lecture Notes in Informatics, Regensburg, Germany, GI.
19. OASIS eXtensible Access Control Markup Language Technical Committee eXtensible Access Control Markup Language (XACML). Accesible at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml.
20. OASIS Security Services Technical Committee Security Assertion Markup Language (SAML). Accesible at http://www.oasis-open.org/committees/tc_home. php?wg_abbrev=security.
21. Oppliger, R. (2003). Security technologies for the World Wide Web. Boston, Mass., USA, Artech House.
22. Pfleeger, C. P. and Pfleeger, S. L. (2003). Security in computing. Upper Saddle River, NJ, USA, Prentice Hall PTR.
23. Pfleeger, S. L. (2000). Risky business: what we have yet to learn about risk management. Journal of Systems and Software, 53(3) 265-273.
24. Rook, P. (1993). Risk Management for Software Development. ESCOM Tutorial, 24.
25. Schläger, C. and Ganslmayer, M. (2007). Effects of Architectural Decisions in Authentication and Authorisation Infrastructures. Proc. of the 2nd International Conference on Availability, Reliability and Security (ARES'07), Vienna, Austria, IEEE.
26. Schläger, C. and Nowey, T. (2006). Towards a Risk Management Perspective on AAIs. Proc. of the International Conference on Trust, Privacy & Security in Digital Business (TrustBus '06), Lecture Notes in Computer Science (LNCS), Vol. 4083, Krakow, Poland, Springer.
27. Schläger, C., Nowey, T. and Montenegro, J. A. (2006). A reference model for Authentication and Authorisation Infrastructures respecting privacy and flexibility in b2c E-Commerce. Proc. of the 1st International Conference on Availability, Reliability and Security (ARES 2006), Vienna, Austria, Vienna, Austria, IEEE.
28. Schläger, C. and Pernul, G. (2005). Authentication and Authorisation Infrastructures in b2c E-Commerce. Proc. of the International Conference on E-Commerce and Web Technologies (EC-Web'05), Copenhagen, Denmark, Lecture Notes in Computer Science (LNCS), Vol. 3590, Copenhagen, Denmark, Springer.
29. Schläger, C., Sojer, M., Muschall, B. and Pernul, G. (2006). Attribute-Based Authentication and Authorisation Infrastructures for E-Commerce Providers. Proc. of the International Conference on E-Commerce and Web Technologies (EC-Web'06), Krakow, Poland, Lecture Notes in Computer Science (LNCS), Vol. 4082, Krakow, Poland, Springer.
30. Tanenbaum, A. S. and Steen, M. v. (2002). Distributed systems: principles and paradigms. Upper Saddle River, N.J., USA, Prentice Hall.
31. Vidalis, S. (2004). A Critical Discussion of Risk and Threat Analysis Methods and Methodologie. Accessible at http://www.glam.ac.uk/socschool/ research/publications/technical/CS-04-03.pdf.
32. Wei, H., Frinke, D., Carter, O. and Ritter, C. (2001 ). Cost-Benefit Analysis for Network Intrusion Detection Systems. Proc. of the CSI 28th Annual Computer Security Conference, Washington, D.C., USA.
33. Westin, A. F. (1967). Privacy and freedom. NewYork, USA, Atheneum.