Quality, Reliability, Security and Robustness in Heterogeneous Networks. 9th International Conference, QShine 2013, Greader Noida, India, January 11-12, 2013, Revised Selected Papers

Research Article

A Generalized Model for Internet-Based Access Control Systems with Delegation Support

Download
399 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-37949-9_84,
        author={Utharn Buranasaksee and Kriengkrai Porkaew and Umaporn Supasitthimethee},
        title={A Generalized Model for Internet-Based Access Control Systems with Delegation Support},
        proceedings={Quality, Reliability, Security and Robustness in Heterogeneous Networks. 9th International Conference, QShine 2013, Greader Noida, India, January 11-12, 2013, Revised Selected Papers},
        proceedings_a={QSHINE},
        year={2013},
        month={7},
        keywords={design implementation distributed access control distributed system classification delegation},
        doi={10.1007/978-3-642-37949-9_84}
    }
    
  • Utharn Buranasaksee
    Kriengkrai Porkaew
    Umaporn Supasitthimethee
    Year: 2013
    A Generalized Model for Internet-Based Access Control Systems with Delegation Support
    QSHINE
    Springer
    DOI: 10.1007/978-3-642-37949-9_84
Utharn Buranasaksee1,*, Kriengkrai Porkaew1,*, Umaporn Supasitthimethee1,*
  • 1: King Mongkut’s University of Technology
*Contact email: 54500702@st.sit.kmutt.ac.th, porkaew@sit.kmutt.ac.th, umaporn@sit.kmutt.ac.th

Abstract

In the web environment, web browsers use HTTP/HTTPS to communicate between users and web/application servers. However, many internet activities require interactions among three parties without compromising confidentiality. For example, an e-commerce transaction requires a buyer to authorize an e-commerce website to withdraw money from the buyer’s bank account at an internet banking website. Although several existing works have been proposed to solve this problem, they are done in ad-hoc manners or lack of some important properties. This paper proposes a model, called PRA (Provider-Requestor-Authorizer), for generalizing three-party communication in the web-environment in order to identify desirable properties that can be used to measure the goodness of protocols for and classify them. We found that PRA model can generalize three-party communication protocols to a single model from conceptual level to implementation level.