Current research on electronic commerce focuses on secure and efficient mechanisms for payments, largely supported by cryptographic techniques. Such mechanisms are indeed necessary for e-commerce, but they are not sufficient. Commercial activities are not limited to the simple exchange of funds and merchandise between a client and a vendor. They often consist of multi-step transactions, sometimes involving several participants, that need to be carried out in accordance with a certain policy. Such policies may be concerned with issues that do not lend themselves to purely cryptographic treatment, such as: preventing certificates from being duplicated; ensuring that credit cards are used only for the specified transactions; guaranteeing that a payment for services is refundable under specified circumstances; securing the privacy and anonymity of clients; providing a degree of fault tolerance; and establishing access control. This project proposes a general mechanism that can be used to formulate and enforce a wide range of such policies for electronic commerce, in a unified, scalable, and easily deployable manner. The policy is to be stated explicitly and enforced by a distributed set of trusted generic controllers. This mechanism is based on the concept of "Law-Governed interaction," developed under a current NSF grant.