Using attribute certificates to implement role-based authorization and access controls

Rolf Oppliger, Günther Pernul, Christine Strauss

Publications: Contribution to book, Contribution to book/anthology, Peer reviewed


Users of electronic commerce applications often face the problem of how to judge the value of a document that is digitally signed by someone claiming to be an authorized agent of a particular organization, such as a company or a federal office. While the claimant might provide a personal certificate that can be used for authentication, the more general questions are related to the issue of authorization: how can a user be certain that the agent is truly authorized to act on behalf of the organization and that the agent is acting in a legally-binding manner? Similarly, how can the organization be held liable for the digital signatures its authorized agents provide? This paper elaborates on possible means of addressing these and similar questions. In particular, it addresses the utilization of attribute certificates for implementing role-based authorization and access controls. In addition, the paper also elaborates on a possible implementation for commercial registers that could be used to certify the attribute authorities that issue attribute certificates.
Title: Sicherheit in Informationssystemen (SIS 2000)
Subtitle: 4. Fachtagung Sicherheit in Informationssystemen (SIS 2000)
Editors: Kurt Bauknecht, Stefanie Teufel
Publisher: vdf Hochschulverlag AG an der ETH Zürich
ISBN (Print): 3-7281-2775-2
Publication status: Published - 2000

ÖFOS 2012

  • 102016 IT security
  • 502050 Business informatics