A security architecture for electronic commerce applications

Bart De Win, Jan Van den Bergh, Frank Matthijs, Bart De Decker, Wouter Joosen
Department of Computer Science, K. U. Leuven
Celestijnenlaan 200A, B-3001 Leuven, Belgium
{bartd, janv, frankm, bart, wouter}@cs.kuleuven.ac.be

Key words: electronic commerce, security, transparent

Abstract: On the Internet many electronic commerce applications can be used today, but most of them provide only weak security or even none whatsoever. A major cause of this problem is the variety of technologies used to create such applications. Most existing security architectures are not designed to work in different environments. In this paper, we propose a security architecture for generic electronic commerce applications. This architecture is open enough to be able to cope with the different security and technology requirements of today’s electronic commerce applications and it is ready for tomorrow’s new systems.

1. INTRODUCTION

When we look at today’s electronic commerce market we see an enormous variety of applications written in several languages running on top of different systems. Most of the applications work quite well, but it is hard to trust them since they lack strong security. There are different types of shortcomings in existing applications, among which:

- parties are not able to trust each other because of the uncertainty of the correct identity
- there is no simple way of allowing or denying access to certain resources in a system