E-commerce regulations are usually embedded in mutually agreed upon contracts. Generally, these contracts enumerate agents authorized to participate in transactions, and spell out such things like rights and obligations of each partner, and terms and conditions of the trade. An enterprise may be concurrently bound by a set of different contracts that regulate the trading relations with its various clients and suppliers. This set is dynamic because new contracts are constantly being established, and previously established contracts end, are annulled or revised. We argue that existent access control mechanisms cannot adequately support the large number of regulations embedded in disparate, evolving contracts. To deal with this problem we propose to use certified policies. A certified policy (CP) is obtained by expressing contract terms regarding access and control regulations in a formal, interpretable language, and by having them digitally signed by a proper authority. In this framework, an agent making a request to a server presents to the server such a CP together with other relevant credentials. A valid certified policy can then be used a
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.