Using attribute certificates to implement role-based authorization and access controls
- Autor(en)
- Rolf Oppliger, Günther Pernul, Christine Strauss
- Abstrakt
Users of electronic commerce applications often face the problem of how to judge the value of a document that is digitally signed by someone claiming to be an authorized agent of a particular organization, such as a company or a federal office. While the claimant might provide a personal certificate that can be used for authentication, the more general questions are related to the issue of authorization: how can a user be certain that the agent is truly authorized to act on behalf of the organization and that the agent is acting in a legally-binding manner? Similarly, how can the organization be held liable for the digital signatures its authorized agents provide? This paper elaborates on possible means of addressing these and similar questions. In particular, it addresses the utilization of attribute certificates for implementing role-based authorization and access controls. In addition, the paper also elaborates on a possible implementation for commercial registers that could be used to certify the attribute authorities that issue attribute certificates.
- Organisation(en)
- Institut für Rechnungswesen, Innovation und Strategie
- Externe Organisation(en)
- Universität Regensburg
- Seiten
- 169-184
- Publikationsdatum
- 2000
- Peer-reviewed
- Ja
- ÖFOS 2012
- 102016 IT-Sicherheit, 502050 Wirtschaftsinformatik
- Schlagwörter
- Link zum Portal
- https://ucrisportal.univie.ac.at/de/publications/d449e7e0-9adb-4349-a0b7-77e589a684ee