Introduction
Business-to-business electronic commerce requires the use of electronic catalogs as the contact points for both sellers and buyers. The benefits of e-catalogs for both suppliers and buyers include drastically reduced production costs, expanded markets, and reduced processing costs. E-catalogs are defined as electronic representations of information about the products and/or services of one or more organizations, e.g., eBay’s e-catalog provides 4320 product/service categories with 4 million auctions and 450,000 items added each day (Ball, Ma, Raschid, & Zhao, 2002; Baron, Shaw, & Bailey Jr, 2000; Benatallah, Hacid, Paik, Rey, & Toumani, 2006; Segev, Wan, & Beam, 1995; Stanoevska-Slabeva & Schmid, 2000; Yen & Kong, 2002). In electronic markets (e-markets), e-catalogs integrate operational data, such as orders, fulfillment issues, and delivery of services over the web (Beneventano & Magnani, 2004; Yen & Kong, 2002).
The growth of business-to-business e-commerce has highlighted the importance of maintaining inter-organizational trust in developing and maintaining business-to-business relationships. Furthermore, access control in e-commerce transactions has been identified as an important means for maintaining trust between trading partners (Lee, 2008; Li, Du, & Wong, 2007; Ratnasingham & Kumar, 2000; Wang, Cheng, & Zhao, 2004; Wang, Zhao, & Cheng, 2007). That is, managing data security in e-markets is a critical issue as the data owners have varying relationships with the e-marketplace and between one another (Kuller, 2005). Consequently, development of new techniques for managing data security in e-markets is an important research area.
One such research area focuses on advanced access control mechanisms that support security management in Web and e-commerce applications (Joshi, Aref, Ghafoor, & Spafford, 2001; Lee, 2008; Thuraisingham, Clifton, Gupta, Bertino, & Ferrari, 2001). In supply chain management, companies typically form alliances for the purposes of information sharing and strategic cooperation (Seidmann & Sundararajan, 1997; Thomas & Griffin, 1996). This requires more advanced access control mechanisms that ensure the sharing of information aligns properly with the complex and dynamic relationships among the companies, so that trust and confidentiality are maintained (Chakraborty & Ray, 2006; Kang, Park, & Froscher, 2001; Zhao, Wang, & Huang, 2008).
Existing access control models are mostly concerned with data and application security within a uniform organization where the relationships between companies are of little concern. The main focus of those access control models, such as role-based access control (RBAC), task-based access control (TBAC), coalition-based access control (CBAC), and workflow-based access control (WBAC), is on how to efficiently map users to their access authorizations. As will be discussed in detail in later sections, the TBAC, CBAC, and WBAC models are extensions of RBAC that include tasks, coalitions, and workflows in the mapping between users and roles. We will demonstrate that in an e-market, company relationships are a new dimension that has not been emphasized in previous access control models, and that e-market data security must take company relationships into account.