Skip to main content

Obligations for Privacy and Confidentiality in Distributed Transactions

Mbanaso, Uche and Cooper, G.S. and Chadwick, David W. and Anderson, Anne (2007) Obligations for Privacy and Confidentiality in Distributed Transactions. In: Denko, Mieso K., ed. Emerging Directions in Embedded and Ubiquitous Computing EUC 2007 Workshops. Lecture Notes In Computer Science . Springer, Berlin, Germany, pp. 69-81. ISBN 978-3-540-77089-3. E-ISBN 978-3-540-77090-9. (doi:10.1007/978-3-540-77090-9_7)

Abstract

Existing access control systems are typically unilateral in that the enterprise service provider assigns the access rights and makes the access control decisions, and there is no negotiation between the client and the service provider. As access management systems lean towards being user-centric, unilateral approaches can no longer adequately preserve the users privacy, particularly where the communicating parties have no pre-existing trust relationships. Establishing sufficient trust is therefore essential before parties can exchange sensitive information. This paper describes a bilateral symmetric approach to access control which deals with privacy and confidentiality simultaneously in distributed transactions. We introduce the concept of Obligation of Trust (OoT) as a privacy assurance mechanism that is built upon the XACML standard. The OoT allows communicating parties to dynamically exchange their privacy requirements, which we term Notification of Obligations (NOB) as well as their committed obligations, which we term Signed Acceptance of Obligations (SAO). We describe some applicability of these concepts and show how they can be integrated into distributed access control systems for stricter privacy and confidentiality control.

Item Type: Book section
DOI/Identification number: 10.1007/978-3-540-77090-9_7
Uncontrolled keywords: Access Control, Service Level Agreement, Privacy Requirement, Security Domain, Policy Decision Point
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:04 UTC
Last Modified: 23 Jan 2020 04:02 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/14525 (The current URI for this page, for reference purposes)
Chadwick, David W.: https://orcid.org/0000-0003-3145-055X
  • Depositors only (login required):

Downloads

Downloads per month over past year