71,428 research outputs found

    Obligations of trust for privacy and confidentiality in distributed transactions

    Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control. Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties. Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today. 
Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery. Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise.

    Integration via Meaning: Using the Semantic Web to deliver Web Services

    Presented at the CRIS2002 Conference in Kassel.-- 9 pages.-- Contains: Conference paper (PDF) + PPT presentation. The major developments of the World Wide Web (WWW) in the last two years have been Web Services and the Semantic Web. The former allows the construction of distributed systems across the WWW by providing a lightweight middleware architecture. The latter provides an infrastructure for accessing resources on the WWW via their relationships with respect to conceptual descriptions. In this paper, I shall review the progress undertaken in each of these two areas. Further, I shall argue that in order for the aims of both the Semantic Web and the Web Services activities to be successful, then the Web Service architecture needs to be augmented by concepts and tools of the Semantic Web. This infrastructure will allow resource discovery, brokering and access to be enabled in a standardised, integrated and interoperable manner. Finally, I survey the CLRC Information Technology R&D programme to show how it is contributing to the development of this future infrastructure.

    A Secure and Fair Resource Sharing Model for Community Clouds

    Cloud computing has gained a lot of importance and has been one of the most discussed segments of today's IT industry. As enterprises explore the idea of using clouds, concerns have emerged related to cloud security and standardization. This thesis explores whether the Community Cloud Deployment Model can provide solutions to some of the concerns associated with cloud computing. A secure framework based on trust negotiations for resource sharing within the community is developed as a means to provide standardization and security while building trust during resource sharing within the community. Additionally, a model for fair sharing of resources is developed which makes the resource availability and usage transparent to the community so that members can make informed decisions about their own resource requirements based on the resource usage and availability within the community. Furthermore, the fair-share model discusses methods that can be employed to address situations when the demand for a resource is higher than the resource availability in the resource pool. Various methods that include reduction in the requested amount of resource, early release of the resources and taxing members have been studied. Based on comparisons of these methods along with the advantages and disadvantages of each model outlined, a hybrid method that only taxes members for unused resources is developed. All these methods have been studied through simulations.

    An Architecture for Information Commerce Systems

    The increasing use of the Internet in business and commerce has created a number of new business opportunities and the need for supporting models and platforms. One of these opportunities is information commerce (i-commerce), a special case of e-commerce focused on the purchase and sale of information as a commodity. In this paper we present an architecture for i-commerce systems using OPELIX (Open Personalized Electronic Information Commerce System) [11] as an example. OPELIX provides an open information commerce platform that enables enterprises to produce, sell, deliver, and manage information products and related services over the Internet. We focus on the notion of information marketplace, a virtual location that enables i-commerce, describe the business and domain model for an information marketplace, and discuss the role of intermediaries in this environment. The domain model is used as the basis for the software architecture of the OPELIX system. We discuss the characteristics of the OPELIX architecture and compare our approach to related work in the field.