Agent-based one-shot authorisation scheme in a commercial extranet environment
Au, Wai Ki Richard (2005) Agent-based one-shot authorisation scheme in a commercial extranet environment.
The enormous growth of the Internet and the World Wide Web has provided the opportunity for an enterprise to extend its boundaries in the global business environment. While commercial functions can be shared among a variety of strategic allies, including business partners and customers, extranets appear to be the cost-effective solution to providing global connectivity for different user groups.
Because extranets allow third-party users into corporate networks, they need to be extremely secure and external access needs to be highly controllable. Access control and authorisation mechanisms must be in place to regulate user access to information/resources in a manner that is consistent with the current set of policies and practices both at intra-organisational and cross-organisational levels.
In the business-to-customer (B2C) e-commerce setting, a service provider faces a wide spectrum of new customers, who may not have pre-existing relationships established. Thus the authorisation problem is particularly complex. In this thesis, a new authorisation scheme is proposed to help the service provider establish trust with potential customers, grant access privileges to legitimate users and enforce access control in a diversified commercial environment. Four modules with a number of innovative components and mechanisms suitable for distributed authorisation on extranets are developed:
- One-shot Authorisation Module - A one-shot authorisation token is designed as a flexible and secure credential for access control enforcement in client/server systems;
- Token-Based Trust Establishment Module - A trust token is proposed for server-centric trust establishment in a virtual enterprise environment;
- User-Centric Anonymous Authorisation Module - A one-task authorisation key and an anonymous attribute certificate are developed for anonymous authorisation in a multi-organisational setting;
- Agent-Based Privilege Negotiation Module - Privilege negotiation agents are proposed to provide dynamic authorisation services, with a secure client agent environment for hosting these agents on the user's platform.
|Item Type:||QUT Thesis (PhD)|
|Supervisor:||Looi, Mark, Ashley, Paul, & Caelli, William|
|Keywords:||distributed authorisation, extranet, Intranet, smart card, personal secure device, authentication, security architecture, security server, trust establishment, trust token, credential-based authorisation, one-shot authorisation token, one-task authorisation key, anonymous attribute certificate, key binding certificate, anonymous authorisation, referee server, privilege negotiation agent, authorisation agent, secure client agent environment|
|Divisions:||Past > QUT Faculties & Divisions > Faculty of Science and Technology; Past > Institutes > Information Security Institute|
|Department:||Faculty of Information Technology|
|Institution:||Queensland University of Technology|
|Copyright Owner:||Copyright Wai Ki Richard Au|
|Deposited On:||03 Dec 2008 14:08|
|Last Modified:||29 Oct 2011 05:51|