Obligations of trust for privacy and confidentiality in distributed transactions

Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control. Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties. Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today. Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery. Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise

A personal networking solution

This paper presents an overview of research being conducted on Personal Networking Solutions within the Mobile VCE Personal Distributed Environment Work Area. In particular it attempts to highlight areas of commonality with the MAGNET initiative. These areas include trust of foreign devices and service providers, dynamic real-time service negotiation to permit context-aware service delivery, an automated controller algorithm for wireless ad hoc networks, and routing protocols for ad hoc networking environments. Where possible references are provided to Mobile VCE publications to enable further reading

Collaboration in electronic resource provision in university libraries: SHEDL, a Scottish case study

This case study examines the growth of collaboration among Scottish higher education institutions. Following a summary of the work of the Scottish Confederation of University and Research Libraries (SCURL), more detailed information is provided on collaboration in the fields of acquisition, licensing, selection, and purchasing. Some of the UK background is outlined, relating to NESLi2 in particular, in order to illuminate the options within Scotland. The origins of negotiations on electronic resource provision within Scotland are described, drawing on developments in other countries including Ireland and Scandinavia. After initial setbacks, the implementation of the Scottish Higher Education Digital Library (SHEDL) from 2007 to 2009 is detailed. Current benefits arising from SHEDL are explained, and some possible future developments are discussed

Lex Informatica: The Formulation of Information Policy Rules through Technology

Historically, law and government regulation have established default rules for information policy, including constitutional rules on freedom of expression and statutory rights of ownership of information. This Article will show that for network environments and the Information Society, however, law and government regulation are not the only source of rule-making. Technological capabilities and system design choices impose rules on participants. The creation and implementation of information policy are embedded in network designs and standards as well as in system configurations. Even user preferences and technical choices create overarching, local default rules. This Article argues, in essence, that the set of rules for information flows imposed by technology and communication networks form a “Lex Informatica” that policymakers must understand, consciously recognize, and encourage

Establishing a community-based approach to electronic journal archiving: the UK LOCKSS Pilot Programme

Lots of Copies Keep Stuff Safe (LOCKSS ) represents a sophisticated combination of technical and business-aware elements that can be deployed to ensure the long-term accessibility to electronic journal content even if the publisher ceases to exist, a subscription is terminated, or the already acquired content becomes damaged. Given the potential benefits of LOCKSS to the UK community, and in consideration of the implications of the NESLi2 licences, the Joint Information Systems Committee and the Consortium of University Research Libraries (JISC/CURL) co-funded a UK LOCKSS Pilot Programme to explore issues associated with the practical implementation of LOCKSS in UK Higher Education institutions. The pilot launched in March 2006 and concluded in July 2008. Following on from our experiences throughout the UK LOCKSS Pilot Programme, this paper discusses the organizational attributes of the LOCKSS approach that we expect to further develop in the UK, describes the types of journal content that the current generation of LOCKSS seems best suited to handle and as a result how LOCKSS may fit into the broader journal archiving environment, and it describes the steps we are taking to ensure both the LOCKSS software and Technical Support Service grow effectively to support library use and information management

Developments in information technology, networks and services

A review of policy issues facing Scotland as it faces changing from an industrial society to a knowledge led economy. Identifies the key developments, external trends and internal pressures which library policy makers face. Identifies content creation, metadata, preservation, user support as the four key areas

The legal and contractual aspects of networked cooperation for the building and construction industry

The construction industry is a project-based business bringing together many different organisations to complete a desired goal. The strategic use of Information and Communication Technologies (ICT) has enabled the goal to be completed more effectively. Two issues require addressing, the technology itself and the implementation factors of the technology. Such implementation factors should consider, among other factors, the legal and contractual issues associated with the use of ICT, training requirements and its effects on the organisational culture. To date the legal and contractual issues have not been extensively covered, and it is recognised that the technologies have not been properly covered by any recognised legal and contractual practices. This in turn is threatening to inhibit the growth and prosperity of the use of the technology on construction projects. This paper discusses these legal and contractual issues and describes methods and tools that can be used to enable the growth of technology to be used in a legal and contractually valid environment