{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T17:31:08Z","timestamp":1725471068894},"publisher-location":"Berlin, Heidelberg","reference-count":17,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540377504"},{"type":"electronic","value":"9783540377528"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11824633_5","type":"book-chapter","created":{"date-parts":[[2006,9,18]],"date-time":"2006-09-18T15:23:09Z","timestamp":1158592989000},"page":"41-50","source":"Crossref","is-referenced-by-count":2,"title":["Towards a Risk Management Perspective on AAIs"],"prefix":"10.1007","author":[{"given":"Christian","family":"Schl\u00e4ger","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Nowey","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","doi-asserted-by":"crossref","first-page":"703","DOI":"10.1016\/S1389-1286(01)00247-X","volume":"37","author":"R. Castro-Rojo","year":"2001","unstructured":"Castro-Rojo, R., Lopez, D.R.: The PAPI system: point of access to providers of information. Computer Networks: The International Journal of Computer and Telecommunications Networking\u00a037, 703\u2013710 (2001)","journal-title":"Computer Networks: The International Journal of Computer and Telecommunications Networking"},{"key":"5_CR2","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/1005817.1005828","volume":"47","author":"H. Cavusoglu","year":"2004","unstructured":"Cavusoglu, H., Mishra, B., Raghunathan, S.: A Model for Evaluating IT Security Investments. Communications of the ACM\u00a047, 87\u201392 (2004)","journal-title":"Communications of the ACM"},{"key":"5_CR3","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1145\/507711.507732","volume-title":"Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002)","author":"D. Chadwick","year":"2002","unstructured":"Chadwick, D., Otenko, A.: The PERMIS X.509 role based privilege management infrastructure. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002), pp. 135\u2013140. ACM Press, New York (2002)"},{"key":"5_CR4","unstructured":"Cremonini, M., Martini, P.: Evaluating Information Security Investments from Attackers Perspective: the Return-On-Attack (ROA). In: Proceedings of the Fourth Workshop on the Economics of Information Security. Harvard (2005)"},{"key":"5_CR5","unstructured":"J\u00f8sang, A., Pope, S.: User Centric Identity Management. In: Clark, A., Kerr, K., Mohay, G. (eds.): Proceedings of AusCERT Asia Pacific Information Technology Security Conference 2005. Gold Coast (2005) 77-89"},{"key":"5_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"548","DOI":"10.1007\/11573036_52","volume-title":"Advances in Informatics","author":"S.K. Katsikas","year":"2005","unstructured":"Katsikas, S.K., L\u00f3pez, J., Pernul, G.: Trust, Privacy and Security in E-Business: Requirements and Solutions. In: Bozanis, P., Houstis, E.N. (eds.) PCI 2005. LNCS, vol.\u00a03746, pp. 548\u2013558. Springer, Heidelberg (2005)"},{"key":"5_CR7","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1016\/S1389-1286(00)00048-7","volume":"33","author":"P. Kormann","year":"2000","unstructured":"Kormann, P., Rubin, A.: Risks of the Passport single sign-on protocol. Computer Networks: The International Journal of Computer and Telecommunications Networking\u00a033, 51\u201358 (2000)","journal-title":"Computer Networks: The International Journal of Computer and Telecommunications Networking"},{"key":"5_CR8","unstructured":"Liberty ID-FF Bindings and Profiles Specification, Liberty Alliance Project (2003), Accessible at: \n                    \n                      http:\/\/www.projectliberty.org\/specs\/liberty-idff-bindings-profiles-v1.2.pdf"},{"key":"5_CR9","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1016\/j.cose.2004.06.013","volume":"23","author":"J. Lopez","year":"2004","unstructured":"Lopez, J., Oppliger, R., Pernul, G.: Authentication and authorization infrastructures (AAIs): a comparative survey. Computers & Security\u00a023, 578\u2013590 (2004)","journal-title":"Computers & Security"},{"key":"5_CR10","unstructured":"Microsoft Passport Review Guide. Accessible at: \n                    \n                      http:\/\/download.microsoft.com\/download\/a\/f\/4\/af49b391-086e-4aa2-a84b-ef6d916b2f08\/passport_reviewguide.doc"},{"key":"5_CR11","series-title":"Lecture Notes in Informatics","first-page":"15","volume-title":"Proc. 2. Jahrestagung des GI-Fachbereichs Sicherheit","author":"T. Nowey","year":"2005","unstructured":"Nowey, T., Federrath, H., Klein, C., Pl\u00f6ssl, K.: Ans\u00e4tze zur Evaluierung von Sicherheitsinvestitionen. In: Proc. 2. Jahrestagung des GI-Fachbereichs Sicherheit. Lecture Notes in Informatics, vol.\u00a0P-62, pp. 15\u201326. K\u00f6llen-Verlag, Bonn (2005)"},{"key":"5_CR12","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1016\/S0164-1212(00)00017-0","volume":"53","author":"S.L. Pfleeger","year":"2000","unstructured":"Pfleeger, S.L.: Risky Business: what we have yet to learn about risk management. Journal of Systems and Software\u00a053, 265\u2013273 (2000)","journal-title":"Journal of Systems and Software"},{"key":"5_CR13","volume-title":"Security in Computing","author":"C.P. Pfleeger","year":"2002","unstructured":"Pfleeger, C.P., Pfleeger, S.L.: Security in Computing, 3rd edn. Prentice Hall, New Jersey (2002)","edition":"3"},{"key":"5_CR14","doi-asserted-by":"publisher","first-page":"709","DOI":"10.1109\/ARES.2006.13","volume-title":"Proc. of the First International Conference on Availability, Reliability and Security (ARES 2006)","author":"C. Schlaeger","year":"2006","unstructured":"Schlaeger, C., Nowey, T., Montenegro, J.A.: A Reference Model for Authentication and Authorisation Infrastructures Respecting Privacy and Flexibility in b2c eCommerce. In: Proc. of the First International Conference on Availability, Reliability and Security (ARES 2006), pp. 709\u2013716. IEEE Computer Society, Los Alamitos (2006)"},{"key":"5_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/11545163_31","volume-title":"E-Commerce and Web Technologies","author":"C. Schlaeger","year":"2005","unstructured":"Schlaeger, C., Pernul, G.: Authentication and Authorisation Infrastructures in b2c e-commerce. In: Bauknecht, K., Pr\u00f6ll, B., Werthner, H. (eds.) EC-Web 2005. LNCS, vol.\u00a03590, pp. 306\u2013315. Springer, Heidelberg (2005)"},{"key":"5_CR16","volume-title":"Grundlagen und Paradigmen","author":"A.S. Tanenbaum","year":"2003","unstructured":"Tanenbaum, A.S., van Stehen, M.: Verteilte Systeme. In: Grundlagen und Paradigmen. Prentice Hall, M\u00fcnchen (2003)"},{"key":"5_CR17","unstructured":"Vidalis, S.: A Critical Discussion of Risk and Threat Analysis Methods and Methodologies. School of Computing Technical Report CS-04-03, University of Glamorgan (2004)"}],"container-title":["Lecture Notes in Computer Science","Trust and Privacy in Digital Business"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11824633_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T07:12:31Z","timestamp":1619507551000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11824633_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540377504","9783540377528"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/11824633_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}