1 / 25

Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues

Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues. Marco Casassa Mont, Mike Yearworth marco_casassa-mont@hp.com mike_yearworth@ph.com. Trusted E-Services Lab Hewlett-Packard Laboratories Bristol, UK. WECWIS 2002 . Outline.

tessica
Télécharger la présentation

Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Negotiated Revealing of Trader’s Credentials in e-Marketplaces: Dealing with Trust and Privacy Issues Marco Casassa Mont, Mike Yearworth marco_casassa-mont@hp.com mike_yearworth@ph.com Trusted E-Services Lab Hewlett-Packard Laboratories Bristol, UK WECWIS 2002

  2. Outline • Background • Focus: Admittance to Negotiation • Current Issues • Admittance Model (work in progress …) • Conclusions

  3. e-Marketplace Trader Trader e-Marketplace Market Maker Trader Trader (Seller) Trader (Buyer) Contexts: B2B, C2B, C2C, … e-Marketplace: Context used for this presentation! Our concepts are valid in other contexts where there is a need for Trust and Trust Mediation in Negotiation

  4. Traders: Interaction Phases Discovery Membership Negotiation Contract Fulfilment • Our Research: • Transition to the Future • - Reduce Friction in the Relationship Chain • - Reduce Switching Costs and “Pain” • Flexibility and Automation • Trust and Privacy

  5. Traders: Interaction Phases Membership Negotiation Contract Fulfilment Negotiation Process Admittance To Negotiation • Implications for Traders • Provision of credentials • confirming legal status • Verification of identity • Credit and Insurance checking • Historical behaviour • … Admittance to Negotiation (Trust and Privacy issues) Admittance to e-Marketplace (Trust and Privacy issues)

  6. Current Model (e-Marketplaces) • The Market Maker: • acts as a Trusted Third Party (TTP) • defines admissions criteria to e-marketplace (vetting policies) • enforces market policies • enforces deadlines • enforces penalties • deals with disclosures of identities • Admittance Criteria to Negotiation are usually • imposed in a non-negotiable way by the Market Maker • Often out of bounds communication systems (such as • FAX, letters, phones, face-to-face) are used to provide • credentials to the Market Maker

  7. Examples of B2B e-Marketplaces Based on the above model: Platforms This Model is potentially fine for Vertical, Closed Marketplaces or where a Party has Dominant Positions

  8. Other Relevant Contexts 1:1 1:N Ad-hoc 1-1, 1-N Negotiation, on the Internet (exploiting Web Services …) Dynamic and Open e-Marketplaces • Sometimes Platforms are not involved • Negotiation techniques are well known (not an issue) • Trust Management is really an important issue •  Trust Management for Admittance to Negotiation

  9. Admission to Negotiation Issues • The Negotiation Initiator might want to define • Admission Criteria specific to their business needs • and their business polices. Flexibility is important. • Traders seeking for admission might want • to have control over the disclosure of their • credentials – Trust and Privacy issues.

  10. Admission to Negotiation Issues • Not necessarily the Market Maker is the right entity • to define admission criteria to negotiations or • make admission decisions: • Only general knowledge of participants • in case of open and dynamic e-marketplace • No understanding of specific admission criteria • Vested interests in the market • It might not want to be fully accountable or liable • for negotiation-related issues

  11. Admittance to Negotiation Our Objectives • Privacy and Trust for Admittance to Negotiation • Flexibility of Admission to Negotiation. • Separation between: • Admittance Criteria to e-Marketplace (Market Maker) • Admittance Criteria to Negotiation • Automation of the Process for Admittance to • Negotiation

  12. Admittance to Negotiation Model 2 4 5 Admittance Request Negotiated Revealing of Credentials Admittance Controller (Trusted Third Party) Digital Credentials 3 Admittance Service Response Trader e-Marketplace Admittance Criteria to Negotiation and Privacy Criteria Admittance Document (AD) 1 Trader (Negotiation Initiator) Trader The Admittance Service is a Trust Service: it must be Accountable We have experience on TTPs and Trust Services

  13. Admittance Document (AD) • Types of Digital Credentials • Required to be Admitted • to Negotiation • Extent of Disclosure • Options Part A: Public Part B: Private • List of Admission • Criteria to Negotiation • (policies) Automation, Flexibility, Privacy and Trust: Admittance Document

  14. Part A: Credentials and Disclosure Criteria Type of Digital Credentials Extent of Disclosures Automation and Trust: Usage of Digital Credentials Privacy: Explicit definition of Digital Credentials’ disclosure criteria

  15. Part B: Admittance Policies Example Admit if: (Trader identification is provided to AC prior to admittance AND certified by Market Maker) AND (Trader credit > $20000 revealed to AC prior to admittance AND certified by a Bank member of Identrus) AND Digital Underwriting Credential C provided to AC by “Rating Association” prior to admittance AND (C.deliveryHistory is “OK” AND C.qualityHistory is “OK”) Action: disclose trader’s credit to Negotiation Initiator only after admittance Flexibility: Explicit (and business tailored) definition of Admittance Criteria to Negotiation

  16. Admittance Controller • It is an Accountable Entity • It provides a Trust Service on the Internet: • It must be compliant with privacy and • data protection laws • It must provide non-repudiable evidence • about its business conduct • It must be periodically audited At HP Labs Bristol we research and build Technology to address requirements for Trust Services

  17. Negotiation Initiator generates AD definition Initial Phase Negotiation Initiator submits AD to Admittance Controller Trader selects credentials from AD Trader sets disclosure level Trader sends admittance request To Admittance Controller Yes Admittance Controller assesses admittance request Not Does the Trader Revise their Offer? Trader leaves Not Grant Admittance? Admittance Controller sends an explanation to the Trader (optional) Yes Trader admitted to negotiation Admittance Process Negotiated Revealing of Credentials

  18. High Level Architecture Trader (Negotiation Initiator) Admittance Controllers 1 Admittance Module AD Submission Admittance Service Response 2 Admission Request 3 Admittance Module Marketplace Services Trader E-Marketplace

  19. Admittance Service UI Interaction Manager Negotiation Context Manager Admittance Engine Publisher Communication Storage AD Interpreter Credential Manager ADs Digital Credentials Verification Service Logging Auditing Links to External Trust Services The Admittance Service is a Trust Service: it must be Accountable

  20. Trader’s Admittance Module UI AD Authoring Tools AD Interpreter Interaction Manager Communication Credential Manager Credential Storage Digital Credentials Verification Service Logging Auditing Links to External Trust Services Implemented as: Plug-in, Enterprise back-end Module, etc.

  21. Infrastructure Technologies

  22. Current Work • Work in Progress … • Prototype of the Admittance Service and the • Client Admittance Module • Simulated e-Marketplace to get first-hand experience • of usability and effectiveness • Model Refinement by interacting with Customers

  23. Open Issues • No Open and Dynamic B2B e-Marketplaces so far … • (… our model is not specific for e-Marketplaces!) • Need for e-Trust Service Ecosystem to underpin • Trust on the Internet • Need for Digital Credential Standards • (Syntax and Semantics)

  24. Conclusions • Importance of Accountable (Trusted Third) Parties and • Trust Services to deal with confidential information • More Flexibility. Separation of Admittance Criteria to • Marketplace from Admission Criteria to Negotiation. • Transparency of Processes is fundamental • when dealing with Privacy issues • Digital Credentials can be used to provide Trust and • Automation although work needs to be done to build • an e-Trust Service Ecosystem to fully underpin them • Very Complex Area: Work in progress …

More Related