參考文獻 |
[1] Elisa Bertino, and Elena Ferrari, “The Specification and Enforcement of
Authorization Constraints in Workflow Management Systems”, ACM
Transactions on Information and System Security, Volume 2, Issue 1, New
York, NY, USA Feb. 1999, pp. 65–104.
[2] “Biztalk Server 2000 Product Documentation”, access from
http://www.microsoft.com/technet/prodtechnol/biztalk/proddocs/btsdocs/ on
3/23/2002.
[3] “Microsoft Exchange 2000 Server Resource Kit”, Microsoft Corporation,
2000.
[4] Simon Godik, Simon Godik, Tim Moses, and Entrust, “OASIS eXtensible Access
Control Markup Language (XACML)”, access from
http://www.oasis-open.org/committees/xacml/docs/draft-xacml-v0.12 on
4/28/2002.
[5] Wei-Kuang Huang, and Vijayalakshmi Atluri, “SecureFlow: A Secure
Web-enabled Workflow Management System”, Proceedings of 4th ACM Workshop
on Role-based Access Control, Fairfax, Virginia, USA, Oct. 1999, pp. 83-94.
[6] Gail-Joon Ahn, Myong Kang, Joon Park, and Ravi Sandhu, “Injecting RBAC to
Secure a Web-Based Workflow System”, Proceedings of 5th ACM Workshop on
Role-Based Access Control, Berlin, Germany, July 2000, pp. 1-10.
[7] Phillip Hallam-Baker, and Eve Maler, “Assertions and Protocol for the
OASIS Security Assertion Markup Language(SAML)”, access from
http://www.oasis-open.org/committees/security/docs/
SAML-cs-sstc-core-00.pdf, on 4/28/2002.
[8] Satoshi Hada and Michiharu Kudo, “XML Access Control Language:Provisional
Authorization for XML Documents”, Tokyo Research Laboratory, IBM Research,
Oct. 16, 2000, access from http://www.trl.ibm.com/projects/xml/xacl/
xacl-spec.html on 1/6/2002.
[9] Martin D, Birbeck M, Kay M, Loesgen B, Pinnock J, Livingstone S, Peter S,
Williams K, Anderson R, Mohr S, Baliles D, Peat B, and Ozu N,
“Professional XML”, published Chicago:Wrox Publisher, 2000.
[10] R.S. Sandhu, and E.J. Coyne, "Role-based Access Control Models", IEEE
Computer, Feb, 1996, pp. 38-47.
[11] W3C, ”XML 1.0 (Second Edition)”, access from http://www.w3c.org/TR/, on
11/7/2001.
[12] W3C, “Document Object Model (DOM) Level 2 Core Specification”, access
from http://www.w3c.org/TR, on 12/10/2001.
[13] M. Kudo and S. Hada, “XML Document Security based on Provisional
Authorization”, Proceedings of the 7th ACM Conference on Computer and
Communications Security, Athens, Greece, Nov. 2000, pp. 87-96.
[14] S. Jajodia, M. Kudo, and V. S. Subrahmanian, “Provisional Authorizations
“, Workshop on Security and Privacy in E-Commerce (WSPEC), Nov. 2000, to
appear in Recent Advances in Secure and Private E-Commerce, published by
Kluwer Academic Publishers in 2001, access from
http://www.trl.ibm.com/projects/xml/xacl/index.htm on 1/10/2002.
[15] “Lotus Notes and Domino Product Documentation”, access from
http://www-10.lotus.com/ldd/products.nsf/products/notesdomino/ on
3/19/2002.
[16] David Ferraiolo, and John Barkley, “Specifying and Managing Role-Based
Access Control within a Corporate Intranet”, Proceedings of 2th ACM
Workshop on Role-based Access Control, Fairfax, Virginia, USA, 1997,
pp. 77-82.
[17] Vijayalakshmi Atluri, and Wei-Kuang Huang, “A Petri Net Based Safety
Analysis of Workflow Authorization Models”, Journal of Computer Security,
Volume 8, Issue 2/3, 2000.
[18] Roshan Thomas, and Ravi Sandhu ,"Conceptual Foundations for a Model of
Task-based Authorizations", Proceedings of the 7th IEEE Computer Secuity
Foundations Workshop, Franconia, NH, June 1994, pp. 66-79.
[19] Roshan Thomas, and Ravi Sandhu, "Task-based Authorization: A Paradigm for
Flexible and Adaptable Access Control in Distributed Application", 16th
NIST-NCSC National Computer Security Conference, Baltimore, MD, Sept.
1993, pp. 409-415.
[20] D.Ferraiolo, J. Cugini, and D.R.Kuhn, "Role Based Access Control: Features
and Motivations", In 11th Annual Computer Security Applications
Conference, New Orleans, LA, Dec. 1995, pp. 93-105.
[21] Luigi Giuri, Pietro Iglio, and Fondazione Ugo Bordoni, "A Formal Model For
Role-Based Access Control with Constraints", Proceedings 9th IEEE Computer
Security Foundations Workshop, Dromquinna Manor, Ireland, June 1996,
pp. 136-145.
[22] W3C, URL:http://www.w3.org/.
[23] OASIS, URL:http://www.oasis-open.org/.
[24] IBM Tokyo Research Laboratory, URL:http://www.trl.ibm.com/.
[25] University of Milan Security Group, URL:http://seclab.dti.unimi.it/.
[26] 梁定澎,”電子商務理論與實務”,華泰書局出版,2000年5月。
[27] 林錦雀,”XML基礎領航”,金禾資訊出版,2001年5月。
[28] 曾俊豪,”以角色為基礎作網頁伺服器的存取控制之系統設計與實作”,國立台灣大
學資訊工程研究所碩士論文,2000年6月。
[29] 陳建聖,”實作一個BizTalk協同、整合流程引擎”,國立台灣科技大學電子工程研究
所碩士論文,2001年6月。
[30] 胡錦峰,”以XML驅動及網際網路為基底的工作流設計”,國立台灣科技大學電子工程
研究所碩士論文,2000年6月。
[31] 施淵仁,”具流程管理機制之工作存取權限控制模型之研究”,私立元智大學電機暨
資訊工程研究所碩士論文,2000年6月。 |