Obligations of Trust for Privacy and Confidentiality in Distributed Transactions

Author(s): U.M. Mbanaso, G.S. Cooper, David Chadwick, Anne Anderson  |  Published date: Nov, 2008

Abstract

Purpose: This paper describes a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. We introduce the concept of the Obligation of Trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which we term a Notification of Obligation (NoB), as well as their commitments to fulfilling each other's requirements, which we term Signed Acceptance of Obligations (SAO). We describe how these concepts can be applied and show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control.
