We argue that matrix-based models are inadequate for regulating business to business (or B2B, for short) e-commerce due to the diversity, complexity and potential large number of commercial agreements that have to be supported. To deal with these issues, we propose in this paper an agreementcentric access control model. The paper introduces the concept of communication agreement (CAR) as a means for specifying contractual terms, and presents the CAR enforcement mechanism. We explore the expressive power of the model and show that it can implement regulations which cannot expressed using conventional mechanisms alone. The paper also describes a prototype implementation; the preliminary performance results indicate that the enforcement mechanism is quite affordable, even in its present, experimental stage.