Abstract
The development of extranets is transforming enterprise networking. Rather than using proprietary networks to exchange private information, organisations can now set up corporate extranets to exchange data and share applications with strategic partners, suppliers, and customers in a global scale. Because extranets allow third-party users into corporate networks, they need to be extremely secure and external access needs to be highly controllable. Authorisation governs what an entity can do, thus it is a core element in network security. In this paper, we propose a new authorisation framework that can cope with the dynamic and outreaching characteristics of extranets. We apply the technique of one-shot authorisation token in providing extranet users with flexible direct access to applications without authenticating their identities every time. It also solves the problem of revocation and update of user privileges in off-line models. This authorisation scheme has various advantages in terms of higher efficiency and greater adaptability to the diverse application environment of extranets.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Ashley, P., Vandenwauver, M.: Practical Intranet Security: An Overview of the State of the Art and Available Technologies. Kluwer Academic Publishers, Dordrecht (1999)
Ashley, P., Vandenwauver, M., Siebenlist, F.: Applying Authorisation to Intranets: Architectures, Issues and APIs. Accepted to Computer Communications Journal 23, Elsevier Science (2000)
American National Standard X9.57. Public Key Cryptography for the Financial Services Industry: Certificate Management (1997)
American National Standard X9.45. Enhanced Management Controls Using Digital Signatures and Attribute Certificates (1999)
Au, R., Looi, M., Ashley, P.: Cross-Domain One-Shot Authorisation Using Smart Cards (2000) (unpublished)
Bayles, D.: Extranets - Building the Business to Business Web. Prentice Hall PTR, Englewood Cliffs (1998)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralised Trust Management. Proceedings of 1996 IEEE Symposium on Security and Privacy (1996)
Butler, J.G.: Securing the Enterprise Network. Computer Technology Research Corp. (1997)
Ellison, C.M.: SPKI Requirements, Available at http://www.ietf.org/internt-drafts/draft-ietf-spki-cert-req-01.txt on 6-8-99
Harold, W., Lockhart Jr.: OSF DCE - Guide to Developing Distributed Applications. McGraw-Hill, New York (1994)
ISO 10181-3. Information Technology - Open System Interconnect – Security Framework in Open Systems : Access Control Framework, International Organisation for Standardisation (1996)
Kohl, J., Neuman, C.: The Kerberos Network Authentication Service V5. RFC1510 (1993)
Looi, M., Ashley, P., Seet, L., Au, R., Vandenwauver, M.: Enhancing SE-SAMEV4 with Smart Cards. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820. Springer, Heidelberg (2000)
Nicomette, V., Deswarte, Y.: An Authorisation Scheme For Distributed Object Systems. In: Proceedings of Symposium on Security and Privacy IEEE (1997)
Rivest, R., Lampson, B.: SDSI - A Simple Distributed Security Infrastructure, Available at http://theory.lcs.mit.edu/rivest/sdsi11.html on 12-9-99
Rosenberry, W., Kenney, D., Fisher, G.: Understanding DCE. O’Reilly & Associates, Inc., Sebastopol (1992)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Au, R., Looi, M., Ashley, P. (2000). Towards a New Authorisation Paradigm for Extranets. In: Dawson, E.P., Clark, A., Boyd, C. (eds) Information Security and Privacy. ACISP 2000. Lecture Notes in Computer Science, vol 1841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10718964_2
Download citation
DOI: https://doi.org/10.1007/10718964_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67742-0
Online ISBN: 978-3-540-45030-6
eBook Packages: Springer Book Archive