
Agent-Based One-Shot Authorisation Scheme in a Commercial Extranet Environment

by

Wai Ki Richard Au
Bachelor of Science (Honours) (HKU) - 1980
Graduate Diploma of Information Technology (QUT) - 1998

Thesis submitted in accordance with the regulations for
Degree of Doctor of Philosophy

Information Security Institute
Faculty of Information Technology
Queensland University of Technology
1 August 2005




QUEENSLAND UNIVERSITY OF TECHNOLOGY
DOCTOR OF PHILOSOPHY THESIS EXAMINATION
CANDIDATE NAME

Wai Ki Richard Au

RESEARCH CONCENTRATION

Information Security Institute



PRINCIPAL SUPERVISOR

Associate Professor Mark Looi

ASSOCIATE SUPERVISOR(S)

Dr Paul Ashley
Professor William J. Caelli

THESIS TITLE

Agent-based One-Shot
Authorisation Scheme in a
Commercial Extranet Environment

Under the requirements of PhD regulation 9.2, the above candidate was examined
orally by the Faculty. The members of the panel set up for this examination recommend
that the thesis be accepted by the University and forwarded to the appointed Committee
for examination.
Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Signature . . . . . . . . . . . . . . . . . . . . . . . .
Panel Chairperson (Principal Supervisor)
Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Signature . . . . . . . . . . . . . . . . . . . . . . . .
Panel Member
Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Signature . . . . . . . . . . . . . . . . . . . . . . . .
Panel Member
Under the requirements of PhD regulation 9.15, it is hereby certified that the thesis
of the above-named candidate has been examined. I recommend on behalf of
the Thesis Examination Committee that the thesis be accepted in fulfilment of the
conditions for the award of the degree of Doctor of Philosophy.

Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Signature . . . . . . . . . . . . . . . . . . . . . . Date . . . . . . . . . . .
Chair of Examiners (Thesis Examination Committee)



Keywords
Distributed authorisation, extranet, intranet, smart card, personal secure device, authentication, security architecture, security server, trust establishment, trust token, credential-based authorisation, one-shot authorisation token, one-task authorisation key, anonymous attribute certificate, key binding certificate, anonymous authorisation, referee server, privilege negotiation agent, authorisation agent, secure client agent environment



Abstract
The enormous growth of the Internet and the World Wide Web has given enterprises the opportunity to extend their boundaries in the global business environment. Where commercial functions are shared among a variety of strategic allies, including business partners and customers, extranets appear to be the cost-effective solution for providing global connectivity to different user groups. Because extranets admit third-party users into corporate networks, they need to be extremely secure, and external access needs to be tightly controlled. Access control and authorisation mechanisms must be in place to regulate user access to information and resources in a manner consistent with the current set of policies and practices at both the intra-organisational and cross-organisational levels.

In the business-to-customer (B2C) e-commerce setting, a service provider faces a wide spectrum of new customers with whom it may have no pre-existing relationship, so the authorisation problem is particularly complex. In this thesis, a new authorisation scheme is proposed to help the service provider establish trust with potential customers, grant access privileges to legitimate users and enforce access control in a diversified commercial environment. Four modules, with a number of innovative components and mechanisms suitable for distributed authorisation on extranets, are developed:
• One-shot Authorisation Module - the one-shot authorisation token is designed as a flexible and secure credential for access control enforcement in client/server systems;
• Token-Based Trust Establishment Module - the trust token is proposed for server-centric trust establishment in a virtual enterprise environment;
• User-Centric Anonymous Authorisation Module - the one-task authorisation key and anonymous attribute certificate are developed for anonymous authorisation in a multi-organisational setting;
• Agent-Based Privilege Negotiation Module - privilege negotiation agents are proposed to provide dynamic authorisation services, with a secure client agent environment for hosting these agents on the user's platform.
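The one-shot token named in the first module is, in general terms, a credential that authorises a single task on a single resource and is rejected if it is ever presented a second time. The Python below is an added illustration of that general mechanism and is not code from the thesis: the JSON claim layout, the HMAC-SHA256 tag, the shared key between issuer and enforcement point, and the in-memory replay store are all assumptions of this example, not the OSAT format and protocol of Chapter 4 (which this page does not reproduce). It shows one legitimate use followed by the four misuses the checks exist to stop: replay, out-of-scope use, a forged claim, and an expired token.

```python
"""Single-use ("one-shot") authorisation token: issue, verify, consume.

Illustrative example only. Claim layout, HMAC construction, shared key and the
in-memory replay store are assumptions made here, not the thesis's OSAT design.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time


class TokenError(Exception):
    """Raised by authorise() with a short reason string."""


class OneShotAuthoriser:
    """Issues one-shot tokens and enforces them at the point of access.

    Issuer and enforcement point are separate servers in a real deployment;
    one object plays both roles here so the example runs stand-alone.
    `now` is injectable so expiry can be exercised without sleeping.
    """

    def __init__(self, key: bytes, ttl_seconds: int = 60, now=time.time):
        self._key = key
        self._ttl = ttl_seconds
        self._now = now
        self._consumed = set()  # nonces already redeemed (assumed store)

    @staticmethod
    def _encode(claims: dict) -> bytes:
        # Canonical serialisation: the tag covers exactly the bytes the
        # verifier will later see.
        return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()

    def issue(self, user: str, resource: str, action: str) -> str:
        claims = {
            "sub": user,
            "res": resource,   # the one resource this token is good for
            "act": action,     # the one action it authorises
            "nonce": secrets.token_hex(16),
            "exp": int(self._now()) + self._ttl,
        }
        body = self._encode(claims)
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return (base64.urlsafe_b64encode(body).decode() + "."
                + base64.urlsafe_b64encode(tag).decode())

    def authorise(self, token: str, resource: str, action: str) -> dict:
        """Check integrity, scope and freshness, then burn the nonce.

        Returns the claims on success; raises TokenError otherwise. The same
        token presented twice fails the second time with 'replayed'.
        """
        try:
            body_b64, tag_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except (ValueError, TypeError) as exc:
            raise TokenError("malformed") from exc
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise TokenError("bad signature")
        claims = json.loads(body)
        if claims.get("res") != resource or claims.get("act") != action:
            raise TokenError("wrong scope")
        if self._now() > claims["exp"]:
            raise TokenError("expired")
        # Replay check last, so a token rejected for another reason does not
        # burn its nonce. In production this test-and-set must be atomic, or
        # two concurrent presentations of one token could both be accepted.
        if claims["nonce"] in self._consumed:
            raise TokenError("replayed")
        self._consumed.add(claims["nonce"])
        return claims


def demo() -> dict:
    """One legitimate use, then the misuses the checks are there to stop."""
    clock = [1_000_000]  # controllable clock standing in for time.time()
    auth = OneShotAuthoriser(b"demo-shared-key", ttl_seconds=60, now=lambda: clock[0])
    results = {}

    def attempt(name, *args):
        try:
            auth.authorise(*args)
            results[name] = "accepted"
        except TokenError as exc:
            results[name] = str(exc)

    tok = auth.issue("alice", "/orders/42", "read")
    results["legitimate"] = auth.authorise(tok, "/orders/42", "read")["sub"]
    attempt("replay", tok, "/orders/42", "read")
    attempt("scope", auth.issue("alice", "/orders/42", "read"), "/orders/42", "delete")

    # Forgery: keep the valid tag but rewrite the subject claim.
    body_b64, tag_b64 = tok.split(".")
    forged = json.loads(base64.urlsafe_b64decode(body_b64))
    forged["sub"] = "mallory"
    forged_tok = base64.urlsafe_b64encode(OneShotAuthoriser._encode(forged)).decode() + "." + tag_b64
    attempt("tamper", forged_tok, "/orders/42", "read")

    stale = auth.issue("alice", "/orders/42", "read")
    clock[0] += 120  # well past the 60 s lifetime
    attempt("expired", stale, "/orders/42", "read")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```

The ordering of checks matters: signature first (nothing in an unauthenticated body can be trusted, including its nonce), scope and expiry next, and the replay test-and-set last so that a rejected presentation cannot be used to burn a legitimate user's token.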



Contents
Certificate Recommending Acceptance ... iii
Keywords ... v
Abstract ... vii
Contents ... ix
List of Figures ... xvii
List of Tables ... xix
Declaration ... xxi
Related Publications ... xxiii
Acknowledgements ... xxvii

1 Introduction ... 1
  1.1 Overview ... 1
  1.2 Research Approaches and Scopes ... 4
    1.2.1 Infrastructure of Domain-based Servers ... 5
    1.2.2 User-Centric Authorisation ... 5
    1.2.3 Credential-based Access Control ... 6
    1.2.4 Mobile Agent for Authorisation Services ... 6
  1.3 Thesis Outline ... 7

2 Background ... 9
  2.1 Introduction ... 9
  2.2 Access Control ... 10
    2.2.1 Access Control Models ... 11
    2.2.2 Implementations of Access Control ... 12
  2.3 Authentication and Authorisation ... 13
    2.3.1 Authorisation Mechanisms ... 14
  2.4 Security Architectures ... 15
    2.4.1 Kerberos V5 ... 15
    2.4.2 Distributed Computing Environment (DCE) ... 17
    2.4.3 SESAME (Secure European System for Applications in a Multi-vendor Environment) ... 18
    2.4.4 Policymaker and Keynote ... 20
    2.4.5 Shibboleth ... 20
    2.4.6 OASIS ... 20
    2.4.7 Liberty Alliance ... 21
    2.4.8 Anonymous Credential Systems ... 21
  2.5 Security Standards ... 22
    2.5.1 SAML and XACML ... 22
    2.5.2 Privilege Certificates ... 23
  2.6 Personal Secure Devices ... 25
    2.6.1 Smart Card ... 26
    2.6.2 iButton™ ... 28
  2.7 Code Mobility and Mobile Agent ... 28
    2.7.1 Protection of Mobile Agent ... 30
    2.7.2 Chapter Summary ... 31

3 Requirements and Framework ... 33
  3.1 Overview of Requirements on Commercial Extranets ... 33
    3.1.1 Requirements on Access Control and Security Mechanisms ... 34
    3.1.2 Requirements on Network Architecture and Topologies ... 37
  3.2 The Framework ... 39
    3.2.1 Approaches ... 39
    3.2.2 Basic Entities ... 41
    3.2.3 Entity Interactions ... 42
    3.2.4 Four Main Modules ... 42
  3.3 Chapter Summary ... 47

4 One-Shot Authorisation ... 49
  4.1 Introduction ... 49
  4.2 One-Shot Authorisation Architecture (OSAA) ... 51
    4.2.1 Separation of User Authentication and Authorisation ... 51
    4.2.2 Architectural Overview ... 52
    4.2.3 Distinctive Features ... 56
  4.3 One-Shot Authorisation Token (OSAT) ... 58
    4.3.1 Token Contents ... 59
  4.4 Protocol Overview ... 61
  4.5 Security Issues of Authorisation Token ... 66
    4.5.1 Cryptography and Certification ... 67
    4.5.2 Use of Personal Secure Device ... 67
  4.6 A Simple Prototype: Authorisation Token Manager on Java Card ... 69
    4.6.1 The Java Card Applet ... 69
    4.6.2 Performance ... 71
    4.6.3 Multiple Applications on Java Card ... 73
    4.6.4 Downloading Applications On-line ... 73
  4.7 Cross-Domain Authorisation ... 75
    4.7.1 Architectural Components ... 75
    4.7.2 Authorisation Process ... 78
    4.7.3 Token-based Delegation ... 79
  4.8 Evaluation and Analysis ... 81
    4.8.1 Comparison with Existing Technologies ... 82
    4.8.2 Limitations ... 84
  4.9 Chapter Summary ... 86

5 Token-Based Trust Establishment for Extranets ... 87
  5.1 Introduction ... 87
  5.2 Trust Management on Extranets ... 89
    5.2.1 Classification of Extranet ... 89
    5.2.2 Requirements on Trust Management ... 90
    5.2.3 Requirements on Trust ... 91
  5.3 Trust Distribution for Authorisation ... 92
    5.3.1 Credential-based Approach ... 93
    5.3.2 Infrastructure for Trust Distribution ... 94
  5.4 A New Paradigm of Trust Distribution for Extranets ... 95
    5.4.1 Central Security Servers as Trust Intermediaries ... 96
    5.4.2 Trust Referees for Recommendation ... 97
    5.4.3 Trust Tokens ... 98
    5.4.4 A Dynamic Web of Trust ... 99
    5.4.5 An Illustrative Scenario ... 101
  5.5 A New Algorithm for Trust Derivation ... 102
    5.5.1 Quantification of Trust ... 102
    5.5.2 Composition of Trust ... 103
  5.6 Discussion ... 106
  5.7 Chapter Summary ... 108

6 User-Centric Anonymous Authorisation for B2C e-Commerce ... 109
  6.1 Introduction ... 109
    6.1.1 Anonymous Authorisation ... 111
  6.2 A New Collaborated Authorisation Framework ... 112
    6.2.1 Dynamic Collaborated Authorisation ... 112
    6.2.2 Architectural Overview ... 114
  6.3 Anonymous Attribute Certificates (AAC) ... 117
    6.3.1 One-Task Authorisation Key (OTAK) ... 118
    6.3.2 Binding Privilege Attributes to One-Task Authorisation Public Key ... 119
  6.4 Linking Identity with Anonymous Attribute Certificates ... 121
    6.4.1 Key Binding Certificate (KBC) ... 122
    6.4.2 Binding Signature ... 123
  6.5 Authorisation Protocol Overview ... 126
    6.5.1 Credential-based Authorisation Protocol ... 127
  6.6 Anonymity Revocation Service ... 132
    6.6.1 Trustee as Identity Escrow Agent ... 134
  6.7 Chain Referral ... 134
    6.7.1 Anonymous Chained Referral ... 135
    6.7.2 Chained Referral with User Authentication ... 136
    6.7.3 Anonymity Revocation for Chained Certificates ... 137
    6.7.4 Personal Tree of Authorisation Keys ... 137
    6.7.5 Illustrative Scenarios ... 138
  6.8 Analysis ... 138
    6.8.1 Comparison of Different Certificates ... 138
    6.8.2 Security Analysis of the Protocol ... 139
    6.8.3 Analysis Summary ... 141
    6.8.4 Limitations ... 142
  6.9 Chapter Summary ... 143

7 Privilege Negotiation Agents for Distributed Authorisation ... 145
  7.1 Introduction ... 145
  7.2 Intelligent Agents for Authorisation ... 147
  7.3 The Agent-based Authorisation Architecture ... 148
    7.3.1 Privilege Negotiation Agents for Collaborative Authorisation ... 150
  7.4 Privilege Negotiation Protocols ... 151
    7.4.1 Agent-to-Agent Communications ... 153
  7.5 Authorisation Agent for Access Control Enforcement ... 159
    7.5.1 Architectural Components on Client ... 160
    7.5.2 Protocol Overview ... 163
  7.6 An Illustrative Application: RBAC Authorisation Agent ... 164
    7.6.1 Role-Based Access Control (RBAC) ... 164
    7.6.2 RBAC Authorisation Agent on Client Workstation ... 166
    7.6.3 RBAC Authorisation Manager on Application Server ... 166
    7.6.4 Role Activation Token ... 167
    7.6.5 Interactions between Client and Application Server ... 168
    7.6.6 Enforcing Role-Based Access Control ... 169
  7.7 Secure Client Agent Environment (SCAE) ... 171
    7.7.1 Securing the Agent-based Authorisation ... 171
    7.7.2 Agent Manager for Central Administration ... 172
    7.7.3 Platform for Agent Collaboration ... 172
    7.7.4 Security Model of SCAE ... 173
    7.7.5 A Prototype: iButton as SCAE for Hosting Multiple Agents ... 177
    7.7.6 Securing the Agent Interactions ... 180
    7.7.7 Secure Communications ... 184
  7.8 Discussion ... 188
  7.9 Chapter Summary ... 190

8 Conclusions and Future Work ... 191
  8.1 Introduction ... 191
  8.2 Summary of Contribution ... 191
  8.3 New Challenges ... 195

A List of Acronyms ... 199
B List of Definitions ... 201
C Illustrative Scenarios in Anonymous Authorisation Module ... 203
  C.1 Anonymous Online Purchase with Payment ... 203
  C.2 Anonymous Home Loan Pre-approval Application ... 205
D Illustrative Scenarios in Agent-based Privilege Negotiation Module ... 207
  D.1 Anonymous Online Purchase with Discount ... 207
  D.2 SCAE as a Marketplace for e-Sales ... 210
E Source Codes ... 217
  E.1 Java Cardlet of Authorisation Token Manager ... 217
  E.2 Java Applet for Agent Manager on iButton ... 223
Bibliography ... 231



List of Figures
2.1 ISO Access Control Model ... 10
2.2 Components in Kerberos ... 16
2.3 Components in DCE ... 18
2.4 Components in SESAME ... 19
3.1 Entities and New Components in the Authorisation Framework ... 40
3.2 Four Modules in the Authorisation Framework ... 43
4.1 Intra-domain One-Shot Authorisation ... 53
4.2 One-Shot Authorisation Interactions ... 62
4.3 Cross-Domain One-Shot Authorisation ... 74
4.4 One-Shot Authorisation for Extranet ... 76
4.5 System Walkthrough for Internal and External Users ... 80
5.1 Trust Establishment through the Web of Trust ... 99
6.1 User-Centric Anonymous Authorisation ... 115
6.2 Certificates for Authentication and Authorisation ... 120
6.3 Use of Binding Signature ... 123
6.4 Binding Signature Algorithm ... 124
6.5 Linking Multiple Certificates ... 126
6.6 Credential-based Authorisation Protocol ... 127
6.7 Personal Tree of Keys ... 137
7.1 Agent-based Authorisation Architecture ... 149
7.2 Elements in Decision Making ... 151
7.3 Agent Communication Protocol ... 156
7.4 Overview of Architectural Components ... 161
7.5 Cross Domain Authorisation using Authorisation Agent and Token ... 163
7.6 Role Hierarchy ... 168
7.7 User-Centric Agent Collaboration ... 174
7.8 Configuration of Agents and SCAE ... 175
7.9 Trust Link Requirements in Different Models ... 177
7.10 Downloading and Installation of Agent ... 179
7.11 Domain-based Separation ... 186
D.1 Communication Among Agents ... 215




List of Tables
4.1 Suggested Attributes in One-Shot Authorisation Token ... 59
4.2 Table of Notations ... 63
4.3 Cryptographic Workload ... 72
4.4 Performance of ATM in Java Card ... 72
4.5 Comparison of Different Security Architectures ... 81
6.1 Table of Notations ... 125
6.2 Comparison of Different Certificates ... 138
7.1 Computation Parameters for Different Agents ... 151
7.2 Notations ... 181
8.1 Comparison of the Four Modules ... 192
D.1 Access Control List ... 211
D.2 Yellow Page ... 212
D.3 Transaction Log ... 212



Declaration
The work contained in this thesis has not been previously submitted for a degree
or diploma at any higher education institution. To the best of my knowledge and
belief, the thesis contains no material previously published or written by another
person except where due reference is made.

Signed: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Date: . . . . . . . . . . . . . . . . . . . . .






Related Publications
The material in this thesis is a subset of the research performed by the author between February 1998 and December 2004 in the Information Security Research Centre, Queensland University of Technology. Much of the material has been published in the following conference papers:

Academically Refereed Conference Papers
[1] Mark Looi, Paul Ashley, Loo Tang Seet, Richard Au, Gary Gaskell, Mark Vandenwauver. Enhancing SESAMEV4 with Smart Cards. In Proceedings of the Third Smart Card Research and Advanced Application Conference (CARDIS '98), Louvain-la-Neuve, Belgium, 14–16 September 1998.
[2] Richard Au, Mark Looi, Paul Ashley. Towards a New Authorisation Paradigm on Extranet. In Proceedings of the 5th Australasian Conference on Information Security and Privacy (ACISP 2000), Volume 1841 of Lecture Notes in Computer Science, Springer-Verlag, pages 18–29, Brisbane, Australia, 20–21 August 2000. (Material is included in Chapter 4)
[3] Richard Au, Mark Looi, Paul Ashley. Cross Domain One-Shot Authorisation using Smart Card. In Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS 2000), pages 220–227, ACM, Athens, Greece, 1–4 November 2000. (Material is included in Chapter 4)
[4] Richard Au, Mark Looi, Paul Ashley. Automated Trust Establishment on Extranet. In Proceedings of the Workshop on Information Technology for Virtual Enterprise 2001 (ITVE 2001), Australian Computer Science Communications, Volume 23, Number 6, pages 3–11, Gold Coast, Australia, 1–4 February 2001. (Material is included in Chapter 5)
[5] Richard Au, Mark Looi, Paul Ashley, Loo Tang Seet. Secure Authorisation Agent for Cross-Domain Access Control in a Mobile Computing Environment. In Proceedings of the 4th International Conference on Information Security and Cryptology (ICISC 2001), Volume 2288 of Lecture Notes in Computer Science, Springer-Verlag, pages 369–381, Seoul, South Korea, 6–7 December 2001. (Material is included in Chapter 7)
[6] Richard Au, Ming Yao, Mark Looi, Paul Ashley. Secure Client Agent Environment (SCAE) for World Wide Web. In Proceedings of the 3rd International Conference on Electronic Commerce and Web Technologies (EC-Web 2002), Volume 2455 of Lecture Notes in Computer Science, Springer-Verlag, pages 234–244, Aix-en-Provence, France, 2–6 September 2002. (Material is included in Chapter 7)
[7] Richard Au, Ming Yao, Mark Looi. Agent-based Privilege Negotiation for E-commerce on World Wide Web. In Proceedings of the 3rd International Conference on Web Engineering (ICWE 2003), Volume 2722 of Lecture Notes in Computer Science, Springer-Verlag, pages 68–71, Oviedo, Spain, 14–18 July 2003. (Material is included in Chapter 7)
[8] Richard Au, Ming Yao, Mark Looi. Privilege Negotiation Agents for Distributed Authorisation on World Wide Web. In Proceedings of the IEEE/WIC International Conference on Intelligent Agent Technology (IAT 2003), IEEE Computer Society, pages 519–522, Halifax, Canada, 13–17 October 2003. (Material is included in Chapter 7)
[9] Richard Au, Harikrishna Vasanta, Kim-Kwang Raymond Choo, Mark Looi. A User-Centric Anonymous Authorisation Framework in E-Commerce Environments. In Proceedings of the Sixth International Conference on Electronic Commerce (ICEC 2004), ACM, ISBN 1-58113-930-6, pages 138–147, Delft, The Netherlands, 25–27 October 2004. (Material is included in Chapter 6)
[10] Richard Au, Kim-Kwang Raymond Choo, Mark Looi. A Secure Anonymous Authorisation Architecture for E-Commerce. In Proceedings of the IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE '05), Hong Kong, China, 29 March–1 April 2005. (Material is included in Chapter 6)

Non-Academically Refereed Conference Papers
[11] Richard Au, Mark Looi, Paul Ashley. Using Java Card as Authorisation Device in Multi-Application Environment. In Proceedings of the Gemplus Developer Conference 2000 (GDC 2000), Montpellier, France, 20–21 July 2000. (Material is included in Chapter 4)
