Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues Marco Casassa Mont, Mike Yearworth

Presentation transcript:

Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues Marco Casassa Mont, Mike Yearworth Trusted E-Services Lab Hewlett-Packard Laboratories Bristol, UK WECWIS 2002

Outline: Background; Focus: Admittance to Negotiation; Current Issues; Admittance Model (work in progress …); Conclusions

e-Marketplace (diagram labels: Trader (Buyer), Trader (Seller), Trader, e-Marketplace, Market Maker). Contexts: B2B, C2B, C2C, … e-Marketplace: context used for this presentation! Our concepts are valid in other contexts where there is a need for Trust and Trust Mediation in Negotiation.

Advantages: Fraction of physical-world costs; Services available to a broader set of participants; Low cost of connection enables fragmented buyers and sellers to find each other; Independence from geographical location; Improved pricing mechanisms; Automated trading can eliminate market inefficiencies; … Requirements: Integrity, Trust, Fairness, Transparency, Automation

Traders: Interaction Phases. Membership, Negotiation, Contract, Fulfilment. Our Research: Transition to the Future: Reduce Friction in the Relationship Chain; Reduce Switching Costs and “Pain”. Discovery; Flexibility and Automation; Trust and Privacy

Traders: Interaction Phases. Membership, Negotiation, Contract, Fulfilment. Implications for Traders: Provision of credentials confirming legal status; Verification of identity; Credit and Insurance checking; Historical behaviour; … Negotiation Process; Admittance to Negotiation; Admittance to Negotiation (Trust and Privacy issues); Admittance to e-Marketplace (Trust and Privacy issues)

Current Model (e-Marketplaces). The Market Maker: acts as a Trusted Third Party (TTP); defines admissions criteria to e-marketplace (vetting policies); enforces market policies; enforces deadlines; enforces penalties; deals with disclosures of identities. Admittance Criteria to Negotiation are usually imposed in a non-negotiable way by the Market Maker. Often out-of-band communication systems (such as fax, letters, phones, face-to-face) are used to provide credentials to the Market Maker.

Examples of B2B e-Marketplaces based on the above model: CATEX, Credit Trade, Metal Site, National Transportation Exchange, PaperSpace, Plastics net, Covisint, Converge, Supplyon, … Platforms: Moai, i2, B2Bi, Ariba, CommerceOne, … This Model is potentially fine for Vertical, Closed Marketplaces or where a Party has Dominant Positions.

Other Relevant Contexts: Dynamic and Open e-Marketplaces (1:1, 1:N); Ad-hoc 1-1, 1-N Negotiation on the Internet (exploiting Web Services …). Sometimes Platforms are not involved. Negotiation techniques are well known (not an issue). Trust Management is really an important issue → Trust Management for Admittance to Negotiation

Admission to Negotiation Issues. The Negotiation Initiator might want to define Admission Criteria specific to their business needs and their business policies. Flexibility is important. Traders seeking admission might want to have control over the disclosure of their credentials: Trust and Privacy issues.

Admission to Negotiation Issues. The Market Maker is not necessarily the right entity to define admission criteria to negotiations or make admission decisions: Only general knowledge of participants in case of open and dynamic e-marketplace; No understanding of specific admission criteria; Vested interests in the market; It might not want to be fully accountable or liable for negotiation-related issues.

Our Objectives: Admittance to Negotiation. Flexibility of Admission to Negotiation. Separation between: Admittance Criteria to e-Marketplace (Market Maker); Admittance Criteria to Negotiation. Privacy and Trust for Admittance to Negotiation. Automation of the Process for Admittance to Negotiation.

Model: Negotiated Revealing of Credentials (diagram). Parties: Trader (Negotiation Initiator); Trader; e-Marketplace; Admittance Controller (Trusted Third Party); Admittance Service. Labels: Admittance Document (AD); Admittance Criteria to Negotiation and Privacy Criteria; Admittance Request; Digital Credentials; Response. The Admittance Service is a Trust Service: it must be Accountable. We have experience on TTPs and Trust Services.

Admittance Document (AD): Automation, Flexibility, Privacy and Trust. Part A (Public): Types of Digital Credentials Required to be Admitted to Negotiation; Extent of Disclosure Options. Part B (Private): List of Admission Criteria to Negotiation (policies).

Part A: Credentials and Disclosure Criteria. Automation and Trust: Usage of Digital Credentials. Type of Digital Credentials: Identification Credential; Credit Limit Credential; Past History Credential; Attribute Credential; Third Party References; Payment Instruments; Billing Detail; Rating Information; Proof of Ownership; … Privacy: Explicit definition of Digital Credentials’ disclosure criteria. Extent of Disclosures: Only Reveal to Admittance Controller; Reveal to Market Maker; Reveal to Negotiation Initiator; Reveal a proof of ownership (signed hash value …); Reveal credential before negotiation for admittance starts; Reveal credential specifics when admittance agreed; Reveal on trade; …

Part B: Admittance Policies. Flexibility: Explicit (and business tailored) definition of Admittance Criteria to Negotiation. Example: Admit if: (Trader identification is provided to AC prior to admittance AND certified by Market Maker) AND (Trader credit > $20000 revealed to AC prior to admittance AND certified by a Bank member of Identrus) AND Digital Underwriting Credential C provided to AC by “Rating Association” prior to admittance AND (C.deliveryHistory is “OK” AND C.qualityHistory is “OK”). Action: disclose trader’s credit to Negotiation Initiator only after admittance.
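The example policy above, evaluated the way an Admittance Controller's rule engine might, as an added example that is not part of the original presentation. The credential field names, the `evaluate` function, the sample request and the rule that a blocking disclosure level causes a refusal are assumptions made for illustration; signature verification is reduced to a `certified_by` label.

```python
from dataclasses import dataclass

# Two of the disclosure levels listed under "Extent of Disclosures".
AC_ONLY = "only reveal to Admittance Controller"
ON_ADMITTANCE = "reveal credential specifics when admittance agreed"

@dataclass
class Credential:
    kind: str            # "identification", "credit", "underwriting" (assumed names)
    claims: dict
    certified_by: str    # stands in for a verified signature chain (assumption)
    disclosure: str = AC_ONLY   # level chosen by the trader

def evaluate(request, identrus_banks):
    """Apply the slide's example policy; return (admitted, reasons, to_initiator)."""
    have = {c.kind: c for c in request}
    reasons = []
    ident, credit, c = (have.get(k) for k in ("identification", "credit", "underwriting"))
    if ident is None or ident.certified_by != "Market Maker":
        reasons.append("identification not certified by Market Maker")
    if credit is None or credit.certified_by not in identrus_banks:
        reasons.append("credit not certified by an Identrus member bank")
    elif credit.claims.get("limit_usd", 0) <= 20000:
        reasons.append("credit limit not above $20000")
    elif credit.disclosure != ON_ADMITTANCE:
        # Assumption: a disclosure level that blocks the policy's Action is a
        # refusal the trader can fix by revising the offer.
        reasons.append("credit must be revealable to Negotiation Initiator on admittance")
    if c is None or c.certified_by != "Rating Association":
        reasons.append("underwriting credential C not provided by Rating Association")
    elif (c.claims.get("deliveryHistory"), c.claims.get("qualityHistory")) != ("OK", "OK"):
        reasons.append("delivery or quality history not OK")
    admitted = not reasons
    # Action: the trader's credit reaches the Negotiation Initiator only after admittance.
    to_initiator = {"credit": credit.claims} if admitted else {}
    return admitted, reasons, to_initiator

# Constructed sample request: every value below is made up for this example.
BANKS = {"Example Bank"}
def sample_request(credit_disclosure):
    return [
        Credential("identification", {"name": "Trader T"}, "Market Maker"),
        Credential("credit", {"limit_usd": 50000}, "Example Bank", credit_disclosure),
        Credential("underwriting", {"deliveryHistory": "OK", "qualityHistory": "OK"},
                   "Rating Association"),
    ]

if __name__ == "__main__":
    for level in (AC_ONLY, ON_ADMITTANCE):   # first offer, then the revised offer
        print(level, "->", evaluate(sample_request(level), BANKS))
```

The first offer is refused with an explanation and discloses nothing to the Negotiation Initiator; the revised offer is admitted and only then releases the credit claim.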

Admittance Controller. It is an Accountable Entity. It provides a Trust Service on the Internet: It must be compliant with privacy and data protection laws; It must provide non-repudiable evidence about its business conduct; It must be periodically audited. At HP Labs Bristol we research and build Technology to address requirements for Trust Services.

Admittance Process (flowchart). Phases: Initial Phase; Negotiated Revealing of Credentials. Steps: Negotiation Initiator generates AD definition; Negotiation Initiator submits AD to Admittance Controller; Trader selects credentials from AD; Trader sets disclosure level; Trader sends admittance request to Admittance Controller; Admittance Controller assesses admittance request. Decisions: Grant Admittance? (Yes / No); Does the Trader Revise their Offer? (Yes / No). Other boxes: Admittance Controller sends an explanation to the Trader (optional); Trader admitted to negotiation; Trader leaves.

High Level Architecture (diagram). Components: E-Marketplace; Marketplace Services; Trader; Trader (Negotiation Initiator); Admittance Module (shown twice); Admittance Controllers; Admittance Service. Labelled flows (numbered 1, 2, 3 in the figure): AD Submission; Admission Request; Response.

Admittance Service (component diagram): Communication; Publisher; Storage; Negotiation Context Manager; Interaction Manager; Logging; Auditing; Digital Credentials Verification Service; Links to External Trust Services; Admittance Engine; UI; ADs; AD Interpreter; Credential Manager. The Admittance Service is a Trust Service: it must be Accountable.

Trader’s Admittance Module (component diagram): Communication; Credential Storage; Interaction Manager; Credential Manager; UI; AD Interpreter; AD Authoring Tools; Logging; Auditing; Digital Credentials Verification Service; Links to External Trust Services. Implemented as: Plug-in, Enterprise back-end Module, etc.

Infrastructure Technologies. Authentication: User/Password, X.509 Identity Certificates, Membership ID, …; Secure Communication: SSL, S/MIME, …; Digital Credentials: X.509 Attribute Certificates, PKI, Signed XML, Encrypted XML, …; AD document: Signed XML, Encrypted XML, …; Admittance Policies: Logical Constraints, Rules, Scripts, …; Admittance Engine: Rule-based engine, …; Integration: Web Services, EAI products, …

Current Work (Work in Progress …): Prototype of the Admittance Service and the Client Admittance Module; Simulated e-Marketplace to get first-hand experience of usability and effectiveness; Model Refinement by interacting with Customers.

Open Issues: No Open and Dynamic B2B e-Marketplaces so far … (… our model is not specific for e-Marketplaces!); Need for e-Trust Service Ecosystem to underpin Trust on the Internet; Need for Digital Credential Standards (Syntax and Semantics).

Conclusions: Importance of Accountable (Trusted Third) Parties and Trust Services to deal with confidential information; Transparency of Processes is fundamental when dealing with Privacy issues; Digital Credentials can be used to provide Trust and Automation, although work needs to be done to build an e-Trust Service Ecosystem to fully underpin them; Very Complex Area: Work in progress …; More Flexibility: Separation of Admittance Criteria to Marketplace from Admission Criteria to Negotiation.