[go: up one dir, main page]
Skip to main content
SpringerLink
Log in

Towards a New Authorisation Paradigm for Extranets

  • Conference paper
Information Security and Privacy (ACISP 2000)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1841))

Included in the following conference series:

Abstract

The development of extranets is transforming enterprise networking. Rather than using proprietary networks to exchange private information, organisations can now set up corporate extranets to exchange data and share applications with strategic partners, suppliers, and customers in a global scale. Because extranets allow third-party users into corporate networks, they need to be extremely secure and external access needs to be highly controllable. Authorisation governs what an entity can do, thus it is a core element in network security. In this paper, we propose a new authorisation framework that can cope with the dynamic and outreaching characteristics of extranets. We apply the technique of one-shot authorisation token in providing extranet users with flexible direct access to applications without authenticating their identities every time. It also solves the problem of revocation and update of user privileges in off-line models. This authorisation scheme has various advantages in terms of higher efficiency and greater adaptability to the diverse application environment of extranets.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Ashley, P., Vandenwauver, M.: Practical Intranet Security: An Overview of the State of the Art and Available Technologies. Kluwer Academic Publishers, Dordrecht (1999)

    Google Scholar 

  2. Ashley, P., Vandenwauver, M., Siebenlist, F.: Applying Authorisation to Intranets: Architectures, Issues and APIs. Accepted to Computer Communications Journal 23, Elsevier Science (2000)

    Google Scholar 

  3. American National Standard X9.57. Public Key Cryptography for the Financial Services Industry: Certificate Management (1997)

    Google Scholar 

  4. American National Standard X9.45. Enhanced Management Controls Using Digital Signatures and Attribute Certificates (1999)

    Google Scholar 

  5. Au, R., Looi, M., Ashley, P.: Cross-Domain One-Shot Authorisation Using Smart Cards (2000) (unpublished)

    Google Scholar 

  6. Bayles, D.: Extranets - Building the Business to Business Web. Prentice Hall PTR, Englewood Cliffs (1998)

    Google Scholar 

  7. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralised Trust Management. Proceedings of 1996 IEEE Symposium on Security and Privacy (1996)

    Google Scholar 

  8. Butler, J.G.: Securing the Enterprise Network. Computer Technology Research Corp. (1997)

    Google Scholar 

  9. Ellison, C.M.: SPKI Requirements, Available at http://www.ietf.org/internt-drafts/draft-ietf-spki-cert-req-01.txt on 6-8-99

  10. Harold, W., Lockhart Jr.: OSF DCE - Guide to Developing Distributed Applications. McGraw-Hill, New York (1994)

    Google Scholar 

  11. ISO 10181-3. Information Technology - Open System Interconnect – Security Framework in Open Systems : Access Control Framework, International Organisation for Standardisation (1996)

    Google Scholar 

  12. Kohl, J., Neuman, C.: The Kerberos Network Authentication Service V5. RFC1510 (1993)

    Google Scholar 

  13. Looi, M., Ashley, P., Seet, L., Au, R., Vandenwauver, M.: Enhancing SE-SAMEV4 with Smart Cards. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  14. Nicomette, V., Deswarte, Y.: An Authorisation Scheme For Distributed Object Systems. In: Proceedings of Symposium on Security and Privacy IEEE (1997)

    Google Scholar 

  15. Rivest, R., Lampson, B.: SDSI - A Simple Distributed Security Infrastructure, Available at http://theory.lcs.mit.edu/rivest/sdsi11.html on 12-9-99

  16. Rosenberry, W., Kenney, D., Fisher, G.: Understanding DCE. O’Reilly & Associates, Inc., Sebastopol (1992)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Research Centre, School of Data Communications, Queensland University of Technology, GPO Box 2434, Brisbane, Queensland, 4001, Australia

    Richard Au & Mark Looi

  2. Tivoli, Security Business Unit, 9020 Capital of Texas Highway, Building 1, Suite 270, Austin, TX, 78759, USA

    Paul Ashley

Authors
  1. Richard Au
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mark Looi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paul Ashley
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Information Security Research Centre, Queensland University of Technology, GPO Box 2434, 4000, Brisbane, Queensland, Australia

    E. P. Dawson , A. Clark  & Colin Boyd ,  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Au, R., Looi, M., Ashley, P. (2000). Towards a New Authorisation Paradigm for Extranets. In: Dawson, E.P., Clark, A., Boyd, C. (eds) Information Security and Privacy. ACISP 2000. Lecture Notes in Computer Science, vol 1841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10718964_2

Download citation

  • DOI: https://doi.org/10.1007/10718964_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67742-0

  • Online ISBN: 978-3-540-45030-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation