30 research outputs found

    An investigation of issues of privacy, anonymity and multi-factor authentication in an open environment

    This thesis performs an investigation into issues concerning the broad area of Identity and Access Management, with a focus on open environments. Through literature research the issues of privacy, anonymity and access control are identified. The issue of privacy is an inherent problem due to the nature of the digital network environment. Information can be duplicated and modified regardless of the wishes and intentions of the owner of that information unless proper measures are taken to secure the environment. Once information is published or divulged on the network, there is very little way of controlling the subsequent usage of that information. To address this issue a model for privacy is presented that follows the user centric paradigm of meta-identity. The lack of anonymity, where security measures can be thwarted through the observation of the environment, is a concern for users and systems. By an attacker observing the communication channel and monitoring the interactions between users and systems over a long enough period of time, it is possible to infer knowledge about the users and systems. This knowledge is used to build an identity profile of potential victims to be used in subsequent attacks. To address the problem, mechanisms for providing an acceptable level of anonymity while maintaining adequate accountability (from a legal standpoint) are explored. In terms of access control, the inherent weakness of single factor authentication mechanisms is discussed. The typical mechanism is the user-name and password pair, which provides a single point of failure. By increasing the factors used in authentication, the amount of work required to compromise the system increases non-linearly. Within an open network, several aspects hinder wide scale adoption and use of multi-factor authentication schemes, such as token management and the impact on usability.
The framework is developed from a Utopian point of view, with the aim of being applicable to many situations as opposed to a single specific domain. The framework incorporates multi-factor authentication over multiple paths using mobile phones and GSM networks, and explores the usefulness of such an approach. The models are in turn analysed, providing a discussion into the assumptions made and the problems faced by each model.

    A Reference Model for Authentication and Authorisation Infrastructures Respecting Privacy and Flexibility in b2c eCommerce

    Authentication and Authorisation Infrastructures (AAIs) are gaining momentum throughout the Internet. Solutions have been proposed for various scenarios, among them academia, GRID computing, company networks, and above all eCommerce applications. Products and concepts vary in architecture, security features, target group, and usability, containing different strengths and weaknesses. In addition, security needs have changed in communication and business processes. Security on the internet is no longer defined as only security measures for an eCommerce provider against an untrustworthy customer but also vice versa. Consequently, privacy, data canniness, and security are demands in this area. The authors define criteria for an eCommerce provider federation using an AAI with a maximum of privacy and flexibility. The criteria are derived concentrating on b2c eCommerce applications fulfilling the demands. In addition to best practices found, XACML policies and an attribute infrastructure are deployed. Among the evaluated AAIs are Shibboleth, Microsoft Passport, the Liberty Alliance Framework, and PERMIS.

    Law Concept in ASEAN Economic Community – A Study of e-Commerce Legal Modernization

    This research project is an investigation of the regional legal regime in the ASEAN Community. The thesis has adopted a functional, rather than conceptual, approach to understand the regional legalism of ASEAN. The study also provides a contemporary topic related to highlights of the ASEAN’s recent engagement in the regional economic integration to help understand the historic background of its community-building. The main question in this thesis is what law regime of ASEAN Community without supranational structures is, in which the thesis narrows the case study on development of e-commerce law of ASEAN under economic community-building. To answer this question, the thesis firstly investigates the ground of regional integration and legalization in the Community-building, where ASEAN has adopted an instrumentalist conception of the legalism and one based on ‘thin’ constitutionalism. The features of the legal regime in the ASEAN Community are – state-controlled, limited, evolutionary and resting on soft legal regime unlike the European Union that depends more on hard law regime. Despite this, it is argued that even though the European Union model is often utilized as a mother of inspiration, each regional integration bears different model constituent in order to make the best adapt to their regional or local contexts. This thesis examines the ASEAN’s approach in developing regional legal system through the case of e-commerce law development, as well as the challenges in connection with the legal regime and e-commerce laws under the regional integration. The thesis establishes the findings to the exact legal development methods taken by ASEAN in chasing regional e-commerce law and policy. The findings indicate that ASEAN applies a soft legal regime through approach of legal harmonization regarding substantivate commerce law, while abstaining from building a centralized representative body or institution. 
The study also reveals that although ASEAN has made great progress in developing principles of e-commerce law among ASEAN jurisdictions, and a series of e-commerce laws has been developed and harmonized, the complex legal and institutional regime can significantly undermine implementation and enforcement of regional laws of ASEAN, and some key challenges remain.

    The Law of Global Digitality

    The Internet is not an unchartered territory. On the Internet, norms matter. They interact, regulate, are contested and legitimated by multiple actors. But are they diverse and unstructured, or are they part of a recognizable order? And if the latter, what does this order look like? This collected volume explores these key questions while providing new perspectives on the role of law in times of digitality. The book compares six different areas of law that have been particularly exposed to global digitality, namely laws regulating consumer contracts, data protection, the media, financial markets, criminal activity and intellectual property law. By comparing how these very different areas of law have evolved with regard to cross-border online situations, the book considers whether cyberlaw is little more than "the law of the horse", or whether the law of global digitality is indeed special and, if so, what its characteristics across various areas of law are. The book brings together legal academics with expertise in how law has both reacted to and shaped cross-border, global Internet communication and their contributions consider whether it is possible to identify a particular mediality of law in the digital age. Examining whether a global law of digitality has truly emerged, this book will appeal to academics, students and practitioners of law examining the future of the law of digitality as it intersects with traditional categories of law

    Semantic discovery and reuse of business process patterns

    Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

    Towards an eGovernment: the case of the Emirate of Dubai

    This thesis examines and assesses the transformation and implementation of the Dubai Government’s operation, governance and delivery of public services through its use of ICT. The research design includes a critical examination of the evolution of ICT and its role in changing public services and government operations worldwide as an early move towards E-Government. Three recognised theories are used to examine the E-Government transformation and its effects on governments, namely: the Technology Acceptance Model (TAM), the Diffusion of Innovation Theory (DOI) and the Lens of Max Weber’s Theory of Bureaucracy. Generally, the study seeks to determine what were the important factors for Dubai to achieve its strategic plan. Six questions were addressed by the research, stating the scope of work undertaken. First, to measure the status of eGovernment initiatives in terms of usefulness and ease of use. Second, to assess the extent of eGovernment application in terms of Government-to-Customer, Government-to-Business, Government-to-Government, and Government-to-Employees. Third, to determine the level of acceptance of eGovernment initiatives. Fourth, to explore the factors/challenges in a successful eTransformation of Dubai. Fifth, to assess the impacts/opportunities of eGovernment initiatives in the development of Dubai. Sixth, to formulate the model to achieve a successful implementation of eGovernment. A purposive sampling method was used for selecting citizens/customers, business employees and government employees, totalling 1500 equally distributed respondents. The researcher has prepared, administered and empirically tested three questionnaires, and also prepared and administered structured interviews with some officials of eGovernment. Data obtained are presented and analysed.
Also, the study examines the catalytic role of eGovernment in the development of society, commerce and government, and shows fundamental changes from traditional systems or from bureaucratic paradigms to eGovernment paradigms. Comparisons are made with eGovernment applications in other countries as per rankings made by the Economist Intelligence Unit (EIU). The researcher has selected top ranked states to examine best practices in e-Government. Most importantly, this research presents a unique and original contribution to knowledge of the subject treated in its programme for achieving successful eGovernment through the proposed rocket ship model Al Bakr eGovernment Model of implementation, adoption, conclusions and findings of the study

    Consumer protection in an electronic environment

    Consumer protection laws have not evolved on par with the development of electronic media. As a result, consumer protection laws do not address all major areas of legal concern that affect the electronic commerce (e-commerce) consumer. Furthermore, differing laws in the area of consumer protection make harmonised consumer protection nigh on impossible. Currently, there is a plethora of laws on the protection of consumers but most of these laws are within the sphere of conventional consumer protection legislation which does not adequately address the legal challenges posed by the proliferation of electronic transactions (e-transactions). Specific e-transaction laws are now to be found in certain international and regional documents emanating from organisations including: the United Nations (UN); the Council of Europe; the Organisation for Economic Cooperation and Development (OECD); the African Union (AU); the Economic Community of West African States (ECOWAS); the Southern African Development Community (SADC); the Common Market for Eastern and Southern Africa (COMESA); and the East African Community (ECA). These legal instruments have already been implemented in certain states’ national legislation, while other countries have yet to accede to them. Despite these legal instruments, e-commerce consumers are faced with inadequate or obsolete legislative provisions and are yet to enjoy full protection equivalent to that accorded to the “traditional” consumer. Furthermore, given the trans-national nature of the internet, divergent laws will inevitably prove to provide inadequate protection to e-commerce consumers. In this research, international and regional legislative instruments, as well as the national laws of selected countries such as the United States (US), the United Kingdom (UK), the Republic of South Africa (South Africa), the Federal Republic of Nigeria (Nigeria), and the Commonwealth of Australia (Australia) are examined.
The strengths and gaps in each of these instruments and laws are identified with the aim of harmonising the principles they espouse in a single, cogent, and comprehensive body of rules which could take the form of an international convention. An international convention should be based on national and international best practices. The national adoption of the minimum standards espoused in the proposed Convention will ultimately promote harmonisation.

    Central and Eastern European e|Dem and e|Gov Days 2020

    A decision framework to mitigate vendor lock-in risks in cloud (SaaS category) migration.

    Cloud computing offers an innovative business model to enterprise IT services consumption and delivery. However, vendor lock-in is recognised as being a major barrier to the adoption of cloud computing, due to lack of standardisation. So far, current solutions and efforts tackling the vendor lock-in problem have been confined to/or are predominantly technology-oriented. Limited studies exist to analyse and highlight the complexity of vendor lock-in problem existing in the cloud environment. Consequently, customers are unaware of proprietary standards which inhibit interoperability and portability of applications when taking services from vendors. The complexity of the service offerings makes it imperative for businesses to use a clear and well understood decision process to procure, migrate and/or discontinue cloud services. To date, the expertise and technological solutions to simplify such transition and facilitate good decision making to avoid lock-in risks in the cloud are limited. Besides, little research investigations have been carried out to provide a cloud migration decision framework to assist enterprises to avoid lock-in risks when implementing cloud-based Software-as-a-Service (SaaS) solutions within existing environments. Such decision framework is important to reduce complexity and variations in implementation patterns on the cloud provider side, while at the same time minimizing potential switching cost for enterprises by resolving integration issues with existing IT infrastructures. Thus, the purpose of this thesis is to propose a decision framework to mitigate vendor lock-in risks in cloud (SaaS) migration. The framework follows a systematic literature review and analysis to present research findings containing factual and objective information, and business requirements for vendor-neutral interoperable cloud services, and/or when making architectural decisions for secure cloud migration and integration. 
The underlying research procedure for this thesis investigation consists of a survey based on qualitative and quantitative approaches conducted to identify the main risk factors that give rise to cloud computing lock-in situations. Epistemologically, the research design consists of two distinct phases. In phase 1, qualitative data were collected using open-ended interviews with IT practitioners to explore the business-related issues of vendor lock-in affecting cloud adoption. Whereas the goal of phase 2 was to identify and evaluate the risks and opportunities of lock-in which affect stakeholders’ decision-making about migrating to cloud-based solutions. In synthesis, the survey analysis and the framework proposed by this research (through its step-by-step approach), provides guidance on how enterprises can avoid being locked to individual cloud service providers. This reduces the risk of dependency on a cloud provider for service provision, especially if data portability, as the most fundamental aspect, is not enabled. Moreover, it also ensures appropriate pre-planning and due diligence so that the correct cloud service provider(s) with the most acceptable risks to vendor lock-in is chosen, and that the impact on the business is properly understood (upfront), managed (iteratively), and controlled (periodically). Each decision step within the framework prepares the way for the subsequent step, which supports a company to gather the correct information to make a right decision before proceeding to the next step. The reason for such an approach is to support an organisation with its planning and adaptation of the services to suit the business requirements and objectives. Furthermore, several strategies are proposed on how to avoid and mitigate lock-in risks when migrating to cloud computing. 
The strategies relate to contract, selection of vendors that support standardised formats and protocols regarding data structures and APIs, negotiating cloud service agreements (SLA) accordingly as well as developing awareness of commonalities and dependencies among cloud-based solutions. The implementation of proposed strategies and supporting framework has a great potential to reduce the risks of vendor lock-in