Research Article
A Generalized Model for Internet-Based Access Control Systems with Delegation Support
@INPROCEEDINGS{10.1007/978-3-642-37949-9_84, author={Utharn Buranasaksee and Kriengkrai Porkaew and Umaporn Supasitthimethee}, title={A Generalized Model for Internet-Based Access Control Systems with Delegation Support}, proceedings={Quality, Reliability, Security and Robustness in Heterogeneous Networks. 9th International Conference, QShine 2013, Greader Noida, India, January 11-12, 2013, Revised Selected Papers}, proceedings_a={QSHINE}, year={2013}, month={7}, keywords={design implementation distributed access control distributed system classification delegation}, doi={10.1007/978-3-642-37949-9_84} }- Utharn Buranasaksee
Kriengkrai Porkaew
Umaporn Supasitthimethee
Year: 2013
A Generalized Model for Internet-Based Access Control Systems with Delegation Support
QSHINE
Springer
DOI: 10.1007/978-3-642-37949-9_84
Abstract
In the web environment, web browsers use HTTP/HTTPS to communicate between users and web/application servers. However, many internet activities require interactions among three parties without compromising confidentiality. For example, an e-commerce transaction requires a buyer to authorize an e-commerce website to withdraw money from the buyer’s bank account at an internet banking website. Although several existing works have been proposed to solve this problem, they are done in ad-hoc manners or lack of some important properties. This paper proposes a model, called PRA (Provider-Requestor-Authorizer), for generalizing three-party communication in the web-environment in order to identify desirable properties that can be used to measure the goodness of protocols for and classify them. We found that PRA model can generalize three-party communication protocols to a single model from conceptual level to implementation level.