Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy...
25
Negotiated Revealing Negotiated Revealing of Trader’s of Trader’s Credentials in Credentials in e-Marketplaces: e-Marketplaces: Dealing with Trust Dealing with Trust and and Privacy Issues Privacy Issues Marco Casassa Mont, Mike Yearworth Marco Casassa Mont, Mike Yearworth [email protected] [email protected] [email protected] [email protected] Trusted E-Services Trusted E-Services Lab Lab Hewlett-Packard Hewlett-Packard Laboratories Laboratories Bristol, UK Bristol, UK WECWIS 2002 WECWIS 2002
-
Upload
darleen-green -
Category
Documents
-
view
218 -
download
1
Transcript of Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy...
Negotiated Revealing of Negotiated Revealing of Trader’s Credentials in Trader’s Credentials in
e-Marketplaces: e-Marketplaces: Dealing with Trust and Dealing with Trust and
Privacy IssuesPrivacy Issues
Marco Casassa Mont, Mike YearworthMarco Casassa Mont, Mike [email protected][email protected]
[email protected][email protected]
Trusted E-Services LabTrusted E-Services LabHewlett-Packard Laboratories Hewlett-Packard Laboratories Bristol, UKBristol, UK
WECWIS 2002 WECWIS 2002
Outline
• Background
• Focus: Admittance to Negotiation
• Current Issues
• Admittance Model (work in progress …)
• Conclusions
e-Marketplace
Trader (Buyer) Trader (Seller)
Trader
Trader
e-Marketplace
Market Maker
Trader
Contexts: B2B, C2B, C2C, …
e-Marketplace: Context used for this presentation! Our concepts are valid in other contexts where there is a need for Trust and Trust Mediation in Negotiation
Traders: Interaction Phases
Membership Negotiation Contract Fulfilment
Our Research: • Transition to the Future
- Reduce Friction in the Relationship Chain - Reduce Switching Costs and “Pain”
Dis
cove
ry
• Flexibility and Automation
• Trust and Privacy
Traders: Interaction Phases
Membership Negotiation Contract Fulfilment
Implications for Traders• Provision of credentials confirming legal status• Verification of identity • Credit and Insurance checking • Historical behaviour• …
Negotiation Process
AdmittanceTo Negotiation
Admittance to Negotiation (Trust and Privacy issues)
Admittance to e-Marketplace(Trust and Privacy issues)
Current Model (e-Marketplaces)
• The Market Maker:• acts as a Trusted Third Party (TTP)• defines admissions criteria to e-marketplace (vetting policies) • enforces market policies• enforces deadlines• enforces penalties• deals with disclosures of identities
• Admittance Criteria to Negotiation are usually imposed in a non-negotiable way by the Market Maker
• Often out of bounds communication systems (such as FAX, letters, phones, face-to-face) are used to provide credentials to the Market Maker
CATEX
Credit Trade
Metal Site
National Transportation Exchange
PaperSpace
Plastics net
Covisint
Converge
Supplyon …
Examples of B2B e-MarketplacesBased on the above model:
This Model is potentially fine for Vertical, Closed Marketplaces orwhere a Party has Dominant Positions
Moai
i2
B2Bi
Ariba
CommerceOne
…
Platforms
Other Relevant Contexts
Dynamic and Open e-Marketplaces
1:1
1:N
Ad-hoc 1-1, 1-N Negotiation, on theInternet (exploiting Web Services …)
• Sometimes Platforms are not involved • Negotiation techniques are well known (not an issue)• Trust Management is really an important issue
Trust Management for Admittance to Negotiation
• The Negotiation Initiator might want to define Admission Criteria specific to their business needs and their business polices. Flexibility is important.
• Traders seeking for admission might want to have control over the disclosure of their credentials – Trust and Privacy issues.
Admission to NegotiationIssues
Not necessarily the Market Maker is the right entity to define admission criteria to negotiations or make admission decisions:
• Only general knowledge of participants in case of open and dynamic e-marketplace• No understanding of specific admission criteria
• Vested interests in the market
• It might not want to be fully accountable or liable for negotiation-related issues
Admission to NegotiationIssues
Our Objectives
• Flexibility of Admission to Negotiation. Separation between:
• Privacy and Trust for Admittance to Negotiation
• Admittance Criteria to e-Marketplace (Market Maker)• Admittance Criteria to Negotiation
• Automation of the Process for Admittance to Negotiation
Admittance to Negotiation
Admittance to NegotiationModel
The Admittance Service is a Trust Service: it must be AccountableWe have experience on TTPs and Trust Services
Trader(Negotiation Initiator)
Trader
Trader
e-Marketplace
AdmittanceController(Trusted Third Party)
AdmittanceDocument(AD)
AdmittanceService
Response
DigitalCredentials
AdmittanceRequest
AdmittanceCriteria toNegotiation and
Privacy Criteria
NegotiatedRevealingof Credentials
1
2 4 5
3
Admittance Document (AD)
Part A: Public
Part B: Private
• Types of Digital Credentials Required to be Admitted to Negotiation
• Extent of Disclosure Options
• List of Admission Criteria to Negotiation (policies)
Automation, Flexibility, Privacy and Trust: Admittance Document
Part A: Credentials and Disclosure Criteria
Automation and Trust: Usage of Digital Credentials
Identification Credential
Credit Limit Credential
Past History Credential
Attribute Credential
Third Party References
Payment Instruments
Billing Detail
Rating Information
Proof of Ownership …
Extent of Disclosures
Only Reveal to Admittance Controller
Reveal to Market Maker
Reveal to Negotiation Initiator
Reveal a proof of ownership (signed hash value …)
Reveal credential before negotiation for admittance starts
Reveal credential specifics when admittance agreed
Reveal on trade
…
Privacy: Explicit definition of Digital Credentials’ disclosure criteria
Type of Digital Credentials
Example
Admit if: (Trader identification is provided to AC prior to admittance
AND certified by Market Maker)
AND
(Trader credit > $20000 revealed to AC prior to admittance
AND certified by a Bank member of Identrus)
AND
Digital Underwriting Credential C provided to AC by
“Rating Association” prior to admittance
AND
(C.deliveryHistory is “OK” AND C.qualityHistory is “OK”)
Action: disclose trader’s credit to Negotiation Initiator only after admittance
Part B: Admittance Policies
Flexibility: Explicit (and business tailored) definition of Admittance Criteria to Negotiation
Admittance Controller
• It is an Accountable Entity
• It provides a Trust Service on the Internet:• It must be compliant with privacy and data protection laws• It must provide non-repudiable evidence about its business conduct • It must be periodically audited
At HP Labs Bristol we research and buildTechnology to address requirements for Trust Services
Admittance ProcessNegotiated Revealing of Credentials
Negotiation Initiator generates AD definition
Negotiation Initiator submits AD to Admittance Controller
Trader selects credentials from AD
Trader sets disclosure level
Trader sends admittance requestTo Admittance Controller
Admittance Controller assessesadmittance request
GrantAdmittance?
Does the Trader Revise their
Offer?
Admittance Controller sends anexplanation to the Trader (optional)
Trader admitted to negotiation
Trader leaves
Yes
Not
Yes
Not
Initial Phase
E-MarketplaceTrader
Admittance Controllers
High Level Architecture
AdmittanceService
AdmittanceModule
MarketplaceServices
AdmittanceModule
Trader(Negotiation Initiator)
AdmissionRequest
Response
AD Submission
1
23
Admittance Service
Com
munication
Publisher
Storage
Negotiation ContextManager
InteractionManager
LoggingAuditing
Digital CredentialsVerification Service
Links to ExternalTrust Services
AdmittanceEngine
UI
The Admittance Service is a Trust Service: it must be Accountable
ADs
ADInterpreter
CredentialManager
Trader’s Admittance Module
Com
munication
CredentialStorage
InteractionManager
CredentialManager
UI
ADInterpreter
AD Authoring Tools
LoggingAuditing
Digital CredentialsVerification Service
Links to ExternalTrust Services
Implemented as: Plug-in, Enterprise back-end Module, etc.
Infrastructure Technologies
Authentication User/Password, X.509 Identity Certificates, Membership ID, …
Secure Communication SSL, S/MIME, …
Digital Credentials X.509 Attribute Certificates, PKI, Signed XML, Encrypted XML, …
AD document Signed XML, Encrypted XML, …
Admittance Policies Logical Constraints, Rules, Scripts, …
Admittance Engine Rule-based engine, …
Integration Web Services, EAI products, …
Current Work
• Work in Progress …
• Prototype of the Admittance Service and the Client Admittance Module
• Simulated e-Marketplace to get first-hand experience of usability and effectiveness
• Model Refinement by interacting with Customers
Open Issues
• No Open and Dynamic B2B e-Marketplaces so far … (… our model is not specific for e-Marketplaces!)
• Need for e-Trust Service Ecosystem to underpin Trust on the Internet
• Need for Digital Credential Standards (Syntax and Semantics)
Conclusions• Importance of Accountable (Trusted Third) Parties and Trust Services to deal with confidential information
• Transparency of Processes is fundamental when dealing with Privacy issues
• Digital Credentials can be used to provide Trust and Automation although work needs to be done to build an e-Trust Service Ecosystem to fully underpin them
• Very Complex Area: Work in progress …
• More Flexibility. Separation of Admittance Criteria to Marketplace from Admission Criteria to Negotiation.
