Skip to main content
Article thumbnail
Location of Repository

Using certified policies to regulate Ecommerce Transactions

By Victoria Ungureanu


E-commerce regulations are usually embedded in mutually agreed upon contracts. Generally, these contracts enumerate agents authorized to participate in transactions, and spell out such things like rights and obligations of each partner, and terms and conditions of the trade. An enterprise may be concurrently bound by a set of different contracts that regulate the trading relations with its various clients and suppliers. This set is dynamic because new contracts are constantly being established, and previously established contracts end, are annulled or revised. We argue that existent access control mechanisms cannot adequately support the large number of regulations embedded in disparate, evolving contracts. To deal with this problem we propose to use certified policies. A certified policy (CP) is obtained by expressing contract terms regarding access and control regulations in a formal, interpretable language, and by having them digitally signed by a proper authority. In this framework, an agent making a request to a server presents to the server such a CP together with other relevant credentials. A valid certified policy can then be used a

Year: 2005
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • (external link)
  • (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.