A Survey on Access Control Mechanisms in E-commerce Environments

Abstract

With continuously growing numbers of applications, enterprises face the problem of efficiently managing the assignment of access permissions to their users. Access Control (AC) represents the process of mediating every request to services and data, maintained by a system and determining whether the requests should be granted or denied. The AC decision is enforced by a mechanism implementing regulations established by a security policy. Different AC policies can be applied, corresponding to different criteria for defining what should, and what should not be allowed. Over the past few years AC mechanisms have been deployed in diverse enterprises of all sizes. The aforementioned success has led to an abundance of available access control models corresponding to the special needs of every enterprise. In this paper we firstly attempt to stress the importance for every business that uses information systems to incorporate access control mechanisms in its production line. In the framework of investigating the problem of AC, studies have been held on specific issues relating to the configuration and the management of AC methods. We comprehensively study and classify the problem properly discovering and selecting AC mechanisms by reviewing recent research results and secondly analyze and identify the current AC approaches along with its several variants and the corresponding solution strategies. We highlight the advantages, the methods and techniques involved and the challenges of each approach. Finally, we analyze their influence on designing and implementing these approaches in e-commerce environments, discuss the limitations of existing methods and identify new areas of research that can lead to further enrichment of this field.