Providing Cost-effective Security Functionality into Applications

  • Chapter
Securing Electronic Business Processes

Abstract

This paper asserts that the current approach to the use of asymmetric cryptography and the provision of digital certificates is overly cumbersome and expensive, and forces unreasonable requirements on standard business users and consumers, so they ignore or resist their use. In addition, many web-based applications are emerging without appropriate security functionality built in. The paper proposes the management of digital certificates within an enhanced commercial environment, using best-practice personnel recruiting and management procedures and best-practice information security management, combined with enhanced cryptographic services within the installed base of the corporate IT infrastructure. This, combined with a security middle layer based on the XML Key Management Specification, will suffice. The benefit is commercially “fit-for-purpose” identity management and security functionality, provided at a corporate level, which meets the requirements of applicable law, whether it is the EU Directive or other legislation such as the US HIPAA and Sarbanes-Oxley law.

Copyright information

© 2004 Friedr. Vieweg & Sohn Verlagsgesellschaft/GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

Hilton, J. (2004). Providing Cost-effective Security Functionality into Applications. In: Securing Electronic Business Processes. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_4

  • DOI: https://doi.org/10.1007/978-3-322-84982-3_4

  • Publisher Name: Vieweg+Teubner Verlag

  • Print ISBN: 978-3-528-05887-6

  • Online ISBN: 978-3-322-84982-3

  • eBook Packages: Springer Book Archive
