Obligations of trust for privacy and confidentiality in distributed transactions

Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control. Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties. Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today. Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery. Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise

El desarrollo de software dirigido por modelos en los repositorios institucionales

Los Repositorios Institucionales (RI) se han consolidado en la academia, prueba de ello es el crecimiento en número de registros en los directorios existentes realizado por diferentes vías: autoarchivo por parte de autores, la incorporación de material a cargo de bibliotecarios, entre otras. En este trabajo se hace un relevamiento bibliográfico sobre el uso del enfoque de Desarrollo de Software Dirigido por Modelos (MDD) en los sistemas de RI con el propósito de establecer una relación entre ellos. El MDD es un paradigma de construcción de software que asigna a los modelos un rol central y se derivan modelos que van desde los más abstractos a los más concretos. Este paradigma, además, proporciona un marco de trabajo que permite a los interesados compartir sus puntos de vista y manipular las representaciones de las entidades del dominio. En conclusión, el seguimiento de las diferentes investigaciones relevadas y lo aquí expuesto permiten incentivar implementaciones de software para los RI.Servicio de Difusión de la Creación Intelectual (SEDICI

Model-driven software development in the institutional repositories

Los Repositorios Institucionales (RI) se han consolidado en la academia, prueba de ello es el crecimiento en número de registros en los directorios existentes realizado por diferentes vías: autoarchivo por parte de autores, la incorporación de material a cargo de bibliotecarios, entre otras. En este trabajo se hace un relevamiento bibliográfico sobre el uso del enfoque de Desarrollo de Software Dirigido por Modelos (MDD) en los sistemas de RI con el propósito de establecer una relación entre ellos. El MDD es un paradigma de construcción de software que asigna a los modelos un rol central y se derivan modelos que van desde los más abstractos a los más concretos. Este paradigma, además, proporciona un marco de trabajo que permite a los interesados compartir sus puntos de vista y manipular las representaciones de las entidades del dominio. En conclusión, el seguimiento de las diferentes investigaciones relevadas y lo aquí expuesto permiten incentivar implementaciones de software para los RI.The Institutional Repositories (IR) have been consolidated into the academy, the proof of this is the growth in number of records in existing directories made by various means, such as self-archiving by authors and the incorporation of material by librarians. In this paper, a bibliographic survey about the use of the Model-Driven Software Development approach is done (MDD) in the IR systems in order to establish a relationship between them. The MDD is a paradigm for building software that assigns a central role to the models and originates models that range from the most abstract to the most concrete. This paradigm also provides a framework that allows the interested ones to share their points of view and directly manipulate the representations of the domain entities from IR. In conclusion, the monitoring of the various researches, and what is expressed here, allow to encourage the implementation of software for IR.Servicio de Difusión de la Creación Intelectual (SEDICI

An investigation of interoperability issues between authorisation systems within web services

The existing authorisation systems within the context of Web Services mainly apply two access control approaches – Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The RBAC approach links an authenticated Web Service Requester to its specific access control permission through roles, but RBAC is not flexible enough to cater for some cases where extra attribute information is needed in addition to the identity. By contrast, the ABAC approach has more flexibility, as it allows a Web Service Requester to submit necessary credentials containing extra attribute information that can fulfil the policies declared by a Web Service Provider, which aims to protect the sensitive resources/services.RBAC and ABAC can only help to establish a unilateral trust relationship between two Web Services to enable a Web Service Provider to make an access control decision. Unfortunately, the nature of Web Services presents a high probability that two Web Services may not know each other. Therefore, successful authorisation may fail, if the Web Service Requester does not trust the Web Service Provider.Trust Negotiation (TN) is also an access control approach, which can provide a bilateral trust relationship between two unknown entities, so it sometimes can enable authorisation success in situations where success is not possible through RBAC or ABAC approaches. However, interoperability issues will arise between authorisation systems within Web Services, where a bilateral trust-based authorisation solution is applied. In addition, a lack of a unified approach that can address the interoperability issues remains as a research problem. This research aims to explore possible factors causing the lack of interoperability first, and then to explore an approach that can address the interoperability issues. The main contributions of this research are an improved interoperability model illustrating interoperability issues at different layers of abstraction, and a novel interoperability-solution design along with an improved TN protocol as an example of utilising this design to provide interoperability between authorisation systems within Web Services

Int J Digit Libr (2004) / Digital Object Identifier (DOI) 10.1007/s00799-004-0083-y A trust negotiation system for digital library Web services

Abstract. A scalable approach to trust negotiation is required in digital library (DL) environments that have large and dynamic user populations. In this paper we introduce Trust-Serv, a model-driven trust negotiation framework for Web services, and show how it can be used to effectively handle trust negotiation in DLs. The framework employs a model for trust negotiation based on state machines, extended with security abstractions. High-level specifications expressed with the state-machine-based model are then translated into formats suitable for automating the trust negotiation process. The proposed framework also supports negotiation policy lifecycle management, an important trait in the dynamic environments that characterize DLs. In particular, we present a set of policy change operations that enable the dynamic evolution of negotiation policies without disrupting ongoing negotiations. The proposed approach has been implemented as a container-centric mechanism that is transparent to the DL and to the developers of DL Web services, simplifying DL development and management as well as enabling scalable deployments