Securing Policy Negotiation for Socio-Pervasive Business Microinteractions: Secure, Simple and Efficient Implementation of Policy Negotiation

摘要

In this paper, we study security of policy negotiation and policy-based agreements for emerging mobile based dynamic business environments that feature many previously unknown parties sharing services to each other in an ad hoc fashion. Signed agreements among parties are basic enablers of trust in such dynamic environments. Before a micro service or a 3rd party application can be consumed by an employee, a policy like Service Level Agreement (SLA) typically has to be agreed by the service consumer and service provider. Various types of policies have to be accepted also in other socially tailored use-cases, e.g., when an employee joins a community. To enable appropriate degree of trust, consumer privacy protection, as well as authenticity and non-repudiation of the final agreement, the policy negotiation process has to be secured. The security principles introduced in the paper are applicable to any kind of policy negotiation and selection where two entities are involved: the provider and the requester who need to establish trust between them A simple but secure policy negotiation or selection is described, followed by description of its implementation on Android operating system. The interactions between the parties are minimized in order to boost usability and limit bandwidth usage in socio-pervasive environment.