6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Maria Semmelrock-Picej et al.<br />
they are concerned about possible undesirable economic consequences resulting from a misuse of<br />
such information. Indeed, many companies express concern about the privacy and identity<br />
management and research suggests that identity management is of focal concern to companies.<br />
Identity Management is a hot area, experiencing considerable growth and gets more and more one of<br />
the challenging key disciplines an IT department of a midsize to large enterprise has to ise (Jackson<br />
2010). It is not surprising because organizations, supply chains and customers have been tightly<br />
connected together in digital networked economy. Another important aspect is that of identity theft<br />
and misuse, leading to serious damages within enterprises and also in the Internet development.<br />
The major contribution of this paper is in revealing and discussing the identitiy federation approach<br />
that impact trust in collaborative environments. In doing so, this paper shows, based on the<br />
standardized Shibboleth protocol, how the identity data of a company can be integrated, when taking<br />
part in collaborations. The second contribution of this paper is in identifying the requirements of<br />
smallest companies in this field. When talking about these issues in an enterprise context mostly midsize<br />
to large enterprises are in the focus of consideration. This paper presents solutions which bridge<br />
this gap by offering the necessary functionality also to smallest companies. These findings should<br />
enhance very small companies to also start collaborating virtually.<br />
2. The SPIKE project<br />
2.1 Introduction<br />
SPIKE as a virtual infrastructure aims at researching and implementing a virtual collaboration<br />
platform. In order to reach these goals SPIKE’s security infrastructure is highly reliable and adaptive<br />
and consists of the following layers (see next figure), (Semmelrock-Picej and Possegger 2010):<br />
A: Network Enterprise Layer – at level A different companies offer their particular tacit and explicit<br />
knowledge, expertise, resources and skills. All involved companies are characterized by a number<br />
of criteria like strategic position, size of company, market, location, and so on.<br />
B: Conceptual SPIKE Layer: The Service Mediatior of this layer combines all provided tangible<br />
and intangible resources and coordinats them accordingly to the requirements of the market<br />
which than form a new product (see figure 1 B).<br />
Level B also consists of mapping instruments to assign involved companies and their services and<br />
capabilities to the tasks of the business process. This layer particularly supports the selection,<br />
orchestration, management and execution several kinds of services in a controlled way.<br />
2.2 Security functions in SPIKE<br />
In participating the SPIKE platform companies/users first name their identity. The system validates the<br />
user’s claimed identity (authentication). Both steps precede access control which aims at preventing<br />
unauthorized use of a resource as well as use of resources in an unauthorized way.<br />
As identities in virtual cooperations are not anonymous trust and reputation mechanisms are the key<br />
to success of open, dynamic and service oriented virtual collaborations as they lead to social trust of<br />
involved persons in virtual cooperations and are therefore the best strategy to ensure virtual<br />
cooperation. However, this trust is based on repeated interactions wich can be successful or fail.<br />
Therefore a key aspect of our approach is the permanent process of the analysis and evaluation of<br />
interactions which automatically determine trust.<br />
In the last years trust has mostly been connected and analysed in combination with technical security<br />
issues. Based on this several definitions has been developed (Josang, Ismail and Boyd 2007; Artz<br />
and Gil 2007). For our discussion we understand trust more human centric which relies on previous<br />
interactions and improves human collaboration supported with technical systems in a virtual environment.<br />
For this communication is the basis for directly influencing trust between individuals in business<br />
collaborations (Economist 2008) and relies on the experiences of previous interactions (Billhardt,<br />
Hermoso, Ossowski and Centeno 2007; Mui, Mohtashemi and Helberstadt 2002) and the similarity of<br />
interests and skills (Matsuo and Yamamoto 2009). In addition especially in social networks and<br />
collaborations trust is strongly related to information disclosure, identity management and privacy and<br />
can also be used as a basic model to improve document recommendations to better match interests<br />
of users.<br />
239