A decentralized authorization mechanism for e-business applications

E-business applications need robust and powerful mechanisms to authorize security-critical actions. This actions can be very complex, since they can be initiated not only, by human users but also by applications or software agents. Existing authorization mechanisms do not scale for large number of users if the trust relations are dynamic and fail to provide reliable authorization among strangers. Our mechanism uses authorization relevant attributes to define the policy. The attributes are assigned to principals in a decentralized manner. We also present a method to reduce the financial losses which may arise if the authorization mechanism fails. We conclude the paper with our plans for future research.