Presentation is loading. Please wait.

Presentation is loading. Please wait.

Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues Marco Casassa Mont, Mike Yearworth

Published byDarleen Green Modified over 9 years ago

Similar presentations

Presentation on theme: "Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues Marco Casassa Mont, Mike Yearworth"— Presentation transcript:

1 Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues Marco Casassa Mont, Mike Yearworth marco_casassa-mont@hp.commike_yearworth@ph.com Trusted E-Services Lab Hewlett-Packard Laboratories Bristol, UK WECWIS 2002

2 Outline Background Focus: Admittance to Negotiation Current Issues Admittance Model (work in progress …) Conclusions

3 e-Marketplace Trader (Buyer) Trader (Seller) Trader e-Marketplace Market Maker Trader Contexts: B2B, C2B, C2C, … e -Marketplace: Context used for this presentation! Our concepts are valid in other contexts where there is a need for Trust and Trust Mediation in Negotiation

4 Advantages Fraction of physical-world costs Services available to a broader set of participants Low cost of connection enables fragmented buyers and sellers to to find each others Independence from geographical location Improved pricing mechanisms Automated trading can eliminate market inefficiencies … Requirements Integrity, Trust, Fairness, Transparency, Automation

5 Traders: Interaction Phases MembershipNegotiationContractFulfilment Our Research: Transition to the Future - Reduce Friction in the Relationship Chain - Reduce Switching Costs and “Pain” Discovery Flexibility and Automation Trust and Privacy

6 Traders: Interaction Phases MembershipNegotiationContractFulfilment Implications for Traders Provision of credentials confirming legal status Verification of identity Credit and Insurance checking Historical behaviour … Negotiation Process Admittance To Negotiation Admittance to Negotiation (Trust and Privacy issues) Admittance to e-Marketplace (Trust and Privacy issues)

7 Current Model (e-Marketplaces) The Market Maker: acts as a Trusted Third Party (TTP) defines admissions criteria to e-marketplace (vetting policies) enforces market policies enforces deadlines enforces penalties deals with disclosures of identities Admittance Criteria to Negotiation are usually imposed in a non-negotiable way by the Market Maker Often out of bounds communication systems (such as FAX, letters, phones, face-to-face) are used to provide credentials to the Market Maker

8 CATEX Credit Trade Metal Site National Transportation Exchange PaperSpace Plastics net Covisint Converge Supplyon … Examples of B2B e-Marketplaces Based on the above model: This Model is potentially fine for Vertical, Closed Marketplaces or where a Party has Dominant Positions Moai i2 B2Bi Ariba CommerceOne … Platforms

9 Other Relevant Contexts Dynamic and Open e-Marketplaces 1:1 1:N Ad-hoc 1-1, 1-N Negotiation, on the Internet (exploiting Web Services …) Sometimes Platforms are not involved Negotiation techniques are well known (not an issue) Trust Management is really an important issue  Trust Management for Admittance to Negotiation

10 The Negotiation Initiator might want to define Admission Criteria specific to their business needs and their business polices. Flexibility is important. Traders seeking for admission might want to have control over the disclosure of their credentials – Trust and Privacy issues. Admission to Negotiation Issues

11 Not necessarily the Market Maker is the right entity to define admission criteria to negotiations or make admission decisions: Only general knowledge of participants in case of open and dynamic e-marketplace No understanding of specific admission criteria Vested interests in the market It might not want to be fully accountable or liable for negotiation-related issues Admission to Negotiation Issues

12 Our Objectives Flexibility of Admission to Negotiation. Separation between: Privacy and Trust for Admittance to Negotiation Admittance Criteria to e-Marketplace (Market Maker) Admittance Criteria to Negotiation Automation of the Process for Admittance to Negotiation Admittance to Negotiation

13 Model The Admittance Service is a Trust Service: it must be Accountable We have experience on TTPs and Trust Services Trader (Negotiation Initiator) Trader e-Marketplace Admittance Controller (Trusted Third Party) Admittance Document (AD) Admittance Service Response Digital Credentials Admittance Request Admittance Criteria to Negotiation and Privacy Criteria Negotiated Revealing of Credentials 1 245 3

14 Admittance Document (AD) Part A: Public Part B: Private Types of Digital Credentials Required to be Admitted to Negotiation Extent of Disclosure Options List of Admission Criteria to Negotiation (policies) Automation, Flexibility, Privacy and Trust: Admittance Document

15 Part A: Credentials and Disclosure Criteria Automation and Trust: Usage of Digital Credentials Identification Credential Credit Limit Credential Past History Credential Attribute Credential Third Party References Payment Instruments Billing Detail Rating Information Proof of Ownership … Extent of Disclosures Only Reveal to Admittance Controller Reveal to Market Maker Reveal to Negotiation Initiator Reveal a proof of ownership (signed hash value …) Reveal credential before negotiation for admittance starts Reveal credential specifics when admittance agreed Reveal on trade … Privacy: Explicit definition of Digital Credentials’ disclosure criteria Type of Digital Credentials

16 Example Admit if: (Trader identification is provided to AC prior to admittance AND certified by Market Maker) AND (Trader credit > $20000 revealed to AC prior to admittance AND certified by a Bank member of Identrus) AND Digital Underwriting Credential C provided to AC by “Rating Association” prior to admittance AND (C.deliveryHistory is “OK” AND C.qualityHistory is “OK”) Action: disclose trader’s credit to Negotiation Initiator only after admittance Part B: Admittance Policies Flexibility: Explicit (and business tailored) definition of Admittance Criteria to Negotiation

17 Admittance Controller It is an Accountable Entity It provides a Trust Service on the Internet: It must be compliant with privacy and data protection laws It must provide non-repudiable evidence about its business conduct It must be periodically audited At HP Labs Bristol we research and build Technology to address requirements for Trust Services

18 Admittance Process Negotiated Revealing of Credentials Negotiation Initiator generates AD definition Negotiation Initiator submits AD to Admittance Controller Trader selects credentials from AD Trader sets disclosure level Trader sends admittance request To Admittance Controller Admittance Controller assesses admittance request Grant Admittance? Does the Trader Revise their Offer? Admittance Controller sends an explanation to the Trader (optional) Trader admitted to negotiation Trader leaves Yes Not Yes Not Initial Phase

19 E-Marketplace Trader Admittance Controllers High Level Architecture Admittance Service Admittance Module Marketplace Services Admittance Module Trader (Negotiation Initiator) Admission Request Response AD Submission 1 2 3

20 Admittance Service Communication Publisher Storage Negotiation Context Manager Interaction Manager Logging Auditing Digital Credentials Verification Service Links to External Trust Services Admittance Engine UI The Admittance Service is a Trust Service: it must be Accountable ADs AD Interpreter Credential Manager

21 Trader’s Admittance Module Communication Credential Storage Interaction Manager Credential Manager UI AD Interpreter AD Authoring Tools Logging Auditing Digital Credentials Verification Service Links to External Trust Services Implemented as: Plug-in, Enterprise back-end Module, etc.

22 Infrastructure Technologies Authentication User/Password, X.509 Identity Certificates, Membership ID, … Secure Communication SSL, S/MIME, … Digital Credentials X.509 Attribute Certificates, PKI, Signed XML, Encrypted XML, … AD document Signed XML, Encrypted XML, … Admittance Policies Logical Constraints, Rules, Scripts, … Admittance Engine Rule-based engine, … Integration Web Services, EAI products, …

23 Current Work Work in Progress … Prototype of the Admittance Service and the Client Admittance Module Simulated e-Marketplace to get first-hand experience of usability and effectiveness Model Refinement by interacting with Customers

24 Open Issues No Open and Dynamic B2B e-Marketplaces so far … (… our model is not specific for e-Marketplaces!) Need for e-Trust Service Ecosystem to underpin Trust on the Internet Need for Digital Credential Standards (Syntax and Semantics)

25 Conclusions Importance of Accountable (Trusted Third) Parties and Trust Services to deal with confidential information Transparency of Processes is fundamental when dealing with Privacy issues Digital Credentials can be used to provide Trust and Automation although work needs to be done to build an e-Trust Service Ecosystem to fully underpin them Very Complex Area: Work in progress … More Flexibility. Separation of Admittance Criteria to Marketplace from Admission Criteria to Negotiation.

26

Download ppt "Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues Marco Casassa Mont, Mike Yearworth"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Web Services Security Requirements Stephen T. Whitlock Security Architect Boeing.

Web Services Security Requirements Stephen T. Whitlock Security Architect Boeing.
Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.

Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Page 1 Policy-Driven Systems for Enterprise-Wide Security Using PKI and Policies to build Trusted Distributed Authorization Systems Joe Pato Marco Casassa.

Page 1 Policy-Driven Systems for Enterprise-Wide Security Using PKI and Policies to build Trusted Distributed Authorization Systems Joe Pato Marco Casassa.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security –

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security –
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
Business-to-Business E-Commerce

Business-to-Business E-Commerce
E-Business Models The emphasis is on business in e-business Part 2 – B2B Adomas Svirskas Vilnius University November 2005.

E-Business Models The emphasis is on business in e-business Part 2 – B2B Adomas Svirskas Vilnius University November 2005.
Digital Identities for Networks and Convergence Joao Girao, Amardeo Sarma.

Digital Identities for Networks and Convergence Joao Girao, Amardeo Sarma.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Definitions  eBusiness The use of computer based information systems for the management and coordination.

MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE Definitions  eBusiness The use of computer based information systems for the management and coordination.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
1 Pertemuan 9 Understanding Public B2B Exchanges and Portals Matakuliah: J0324/Sistem e-Bisnis Tahun: 2005 Versi: 02/02.

1 Pertemuan 9 Understanding Public B2B Exchanges and Portals Matakuliah: J0324/Sistem e-Bisnis Tahun: 2005 Versi: 02/02.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

Similar presentations

Ads by Google