In the recent past, a lot of work has been done in establishing public key infrastructures (PKIs) for electronic commerce (e-commerce) applications Unfortunately, most of these PKIs can only be used to authenticate the participants of e-commerce applications; they can't be used to properly authorize the participants and to control access to system resources accordingly. Consequently, these PKIs address only half of the problem with regard to e-commerce applications and some complementary technologies are required to address the authorization problem as well. We elaborate on such technologies and corresponding authorization methods for e-commerce applications. In particular we address certificate based authorization, the use of attribute and SDSI/SPKI certificates, as well as the use of databases. We conclude with the insight that there is no single best authorization method, and that different e-commerce applications may require different authorization methods.
展开▼