Title: Designing secure e-commerce with role-based access control

Authors: Cungang Yang

Addresses: Department of Electrical and Computer Engineering, Ryerson University, Toronto, Ontario M5B 2K3, Canada

Abstract: In this paper, an Object-Oriented Role-Based Access Control (ORBAC) model for e-commerce is introduced. Based on the model, an efficient method for managing ORBAC security policies using eXtensible Markup Language (XML) and a role assignment algorithm are presented. The proposed method using digital credentials and an XML-based security policy greatly simplifies security policy administration for e-commerce. Also, an implementation of e-commerce applications is described. Unlike most existing approaches, with our approach the authorisation is independently defined and is separated from implementation mechanisms.

Keywords: digital credentials; e-commerce; electronic commerce; Object-Oriented Role-Based Access Control; ORBAC security; role-based access control; eXtensible Markup Language; XML; cookies; security policy; authorisation; access security.

DOI: 10.1504/IJWET.2007.011528

International Journal of Web Engineering and Technology, 2007 Vol.3 No.1, pp.73 - 95

Published online: 01 Dec 2006
