Certification and Security in E-Services

The field of services managed and accessed through communication networks is growing in magnitude throughout society. A crucial aspect of this process is the capability of certifying what has occurred in the interaction over the networks, and ensuring that the integrity of the involved computer-based systems was maintained. Certifying the execution of an e-service provided on the network as the result of the interaction among independent organizations is a critical area for the underlying IT-infrastructure. In fact, given the legal value that is often attached to data managed and exchanged during the execution of such an inter-organizational e-service, being able to document what was actually carried out is of the utmost importance. This is made more complex in cases where e-services are based on legacy systems managed by autonomous and independent organizations, as often happens in the public administration sector. Additionally, the whole area of security issues, from the basic (availability, authentication, integrity, confidentiality) to the more complex (for example, authorization, non-repudiation) involves the equally critical ability to track down responsibilities ("who did what"). This capability is mandatory to increase the presence and use of e-service IT-infrastructures. The two areas of certification and security have a common technological intersection, since both are based on the reliable and efficient monitoring of executed and running processes. Certification and security are as well fundamental processes in organizational and economic terms. This volume contains the edited proceedings of the International Workshop on Certification and Security in E-Services and the Workshop on E-Government and Security, which were sponsored by the International Federation for Information Processing (IFIP) and held in conjunction with the 17th World Computer Congress in Montreal, Quebec, Canada in August 2002. The result of in-depth debates among leading actors from government, industry and academia, this work discusses the technical and organizational aspects of these two areas and their interrelations, presenting both real-life application experiences and methodological proposals. It should be a useful reference book for specialists from both academia and industry involved in the growing field of IT services provided over the Internet.