Authentication and authorization infrastructures (AAIs): a comparative survey

López, Javier; Oppliger, Rolf; Pernul, Günther

doi:10.1016/j.cose.2004.06.013

Cited by 86 publications

(59 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…administrative) structure of the healthcare domain. However, there are many trust concerns associated with subordination between the participating parties in multidomain PKI infrastructures [2,10,13].…”

Section: Open Issuesmentioning

confidence: 99%

PKI Security in Large-Scale Healthcare Networks

2010

View full text Add to dashboard Cite

This is the unspecified version of the paper.This version of the publication may differ from the final published version. However, there is a plethora of challenges in these healthcare PKI infrastructures. Especially, there are a lot of challenges for PKI infrastructures deployed over largescale healthcare networks. In this paper, we propose a PKI infrastructure to ensure security in a large-scale Internet-based healthcare network connecting a wide spectrum of healthcare units geographically distributed within a wide region. Furthermore, the proposed PKI infrastructure facilitates the trust issues that arise in a large-scale healthcare network including multi-domain PKI infrastructures. Permanent

show abstract

Section: Open Issuesmentioning

confidence: 99%

PKI Security in Large-Scale Healthcare Networks

2010

View full text Add to dashboard Cite

show abstract

“…Therefore, authorization services are equally important. Lopez et al (2004) give examples authentication and authorization infrastructures (AAIs) in which these functionalities are going to merge.…”

Section: Public Key Infrastructuresmentioning

confidence: 99%

Why have public key infrastructures failed so far?

López

Oppliger²,

Pernul

2005

Internet Research

Self Cite

View full text Add to dashboard Cite

Abstract:Since public key cryptography is a fundamental technology for electronic commerce, people have often argued that public key infrastructures and corresponding certification services are the gold-mines of the information age. Contrary to these relatively high expectations, public key infrastructures have not really taken off and many certification service providers have even gone out of business. In this paper, we overview and discuss the technical, economical, legal, and social reasons why public key infrastructures have failed so far, summarize the lessons learnt, and give our expectations about the future development of the field.

show abstract

“…Some solutions to federate identities have been proposed, but with little support for authorization or privacy [1][2] [38]. Some integration efforts have been undertaken [36][37] such as the application of PKIs to authorization through attribute certificates [26], and the development of Privilege Management Infrastructures (PMI) [18][39], but adaptation capabilities remain limited. The agent-based PKI proposed in [28] allows different deployment topologies for TTPs, certificate formats, and protocols, and is similar to our approach, but does not address privacy.…”

Section: Related Workmentioning

confidence: 99%

“…), and often linked with "real" identifying information. Many solutions have been proposed to federate identities across multiple domains [38], but are usually not well integrated with mechanisms for effective enforcement of privileges [36].…”

Section: Introductionmentioning

confidence: 99%