Kent Academic Repository

Obligations of Trust for Privacy and Confidentiality in Distributed Transactions

Mbanaso, Uche, Cooper, G.S., Chadwick, David W., Anderson, Anne (2009) Obligations of Trust for Privacy and Confidentiality in Distributed Transactions. Internet Research, 19 (2). pp. 182-196. (doi:10.1108/10662240910952328) (KAR id:30610)

The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided.
Official URL: http://dx.doi.org/10.1108/10662240910952328

Abstract

Purpose

This paper describes a bilateral, symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. We introduce the concept of the Obligation of Trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which we term a Notification of Obligation (NoB), as well as their commitments to fulfilling each other's requirements, which we term a Signed Acceptance of Obligations (SAO). We describe some applications of these concepts and show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control.

Design/Methodology/Approach

Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. We adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties.

Findings

We demonstrate how the Obligation of Trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today.

Practical Implications

This approach will serve to increase trust in distributed transactions, since each communicating party receives a difficult-to-repudiate, digitally signed Acceptance of Obligations in a standard language (XACML), which can be automatically enforced by their respective computing machinery.

Originality/Value

This paper adds to current research in trust negotiation, privacy protection and authorization by combining all three into one set of standardized protocols. Furthermore, by providing hard-to-repudiate Signed Acceptance of Obligations messages, the protocol strengthens the legal case of the injured party should a dispute arise.
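The OoT exchange summarised in the abstract, as an added example that is not the paper's own code: each party publishes a NoB, signs an SAO over the peer's requirements only when its own capabilities cover them, and the peer verifies both the signature and the coverage before releasing anything sensitive. The JSON encoding, the Ed25519 signature and the type and function names are assumptions made here; the paper specifies XACML messages.

```go
package main
import "crypto/ed25519"
import "encoding/json"
import "slices"

// NoB: a party's requirements of its peer and its own capabilities (JSON shape assumed; the paper uses XACML).
type NoB struct {
	Party        string   `json:"party"`
	Requirements []string `json:"requirements"`
	Capabilities []string `json:"capabilities"`
}

// SAO: the acceptor's signed commitment to the listed obligations.
type SAO struct {
	Acceptor    string   `json:"acceptor"`
	Obligations []string `json:"obligations"`
	Signature   []byte   `json:"signature,omitempty"`
}

// payload is the canonical byte string the signature covers (signature field omitted).
func (s SAO) payload() []byte {
	b, _ := json.Marshal(SAO{Acceptor: s.Acceptor, Obligations: s.Obligations})
	return b
}

// covers reports whether every entry of needs appears in have.
func covers(have, needs []string) bool {
	for _, n := range needs {
		if !slices.Contains(have, n) {
			return false
		}
	}
	return true
}

// acceptObligations signs an SAO over the peer's requirements only if all of them lie within mine's capabilities.
func acceptObligations(priv ed25519.PrivateKey, mine, peer NoB) (sao SAO, ok bool) {
	if !covers(mine.Capabilities, peer.Requirements) {
		return SAO{}, false
	}
	sao = SAO{Acceptor: mine.Party, Obligations: peer.Requirements}
	sao.Signature = ed25519.Sign(priv, sao.payload())
	return sao, true
}

// verifySAO checks the peer's signature and that the SAO commits to every one of mine's requirements.
func verifySAO(pub ed25519.PublicKey, sao SAO, mine NoB) bool {
	return ed25519.Verify(pub, sao.payload(), sao.Signature) &&
		covers(sao.Obligations, mine.Requirements)
}
```

Both directions of the exchange run the same two functions, which is what makes the protocol symmetric: a party that cannot meet the peer's requirements never produces an SAO, and a party that receives an SAO not covering its own requirements, or one with an invalid signature, does not proceed.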

Item Type: Article
DOI/Identification number: 10.1108/10662240910952328
Uncontrolled keywords: XACML, trust, privacy, obligations, trust negotiation, SAML, authorization
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: David Chadwick
Date Deposited: 21 Sep 2012 09:49 UTC
Last Modified: 16 Nov 2021 10:08 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/30610 (The current URI for this page, for reference purposes)
