Secure information sharing among stakeholders along a distributed product value chain

Collaboration among the stakeholders of a common product value chain within a virtual enterprise requires process and data interoperability. At the same time, each stakeholder wants to decide which internal resources are shared with partners and which remain confidential. Building trust between partners with respect to cross-domain user authentication, user authorization and trustworthy UI interaction paradigms is therefore a key prerequisite for successful and deep collaboration.

In the ComVantage project, a framework for trustworthy inter-organizational collaboration was developed. Its main objective is a fine-grained access control model that supports a decentralized approach to authentication and authorization. The framework covers the negotiation of policies between collaborating partners as well as their establishment, management, monitoring and enforcement when accessing Linked Data sources in a multi-domain environment. At the same time, the framework is intended to be simple enough to work within a complex environment on the one hand and to remain applicable for micro companies on the other.

For the provisioning of trust, the ComVantage approach complements traditional XACML role-based multi-domain access control models and SAML-based authentication, which are well suited to control access to dynamically changing Linked Data. Its distinguishing feature is SPARQL query rewriting over graph data sets (RDF triple stores) to meet the security needs of mobile inter-organizational information sharing. Identity federation and the exchange of security credentials are performed first; afterwards, a multi-tiered authorization process provides multi-domain access control for Linked Data: the query submitted by an authenticated user is rewritten so that it only touches the graphs that user is authorized to access before it reaches the triple store.

The ComVantage security approach not only guarantees that access to the information remains controlled, but also ensures that information published as Linked Data is modified and updated only by users who are authorized to perform these tasks; update requests are therefore subject to the same authorization decision as read queries.
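The following is an added example, not code from the ComVantage project, illustrating the two mechanisms described above: graph-scoped rewriting of a read query so that it is only evaluated against the graphs a user may see, and the authorization of updates against the same policy. Everything in it is constructed for illustration: the per-domain policy `POLICY` (each partner domain administers only its own named graphs, and the user's roles come from the federated identity step), the in-memory store `STORE`, and the toy `SelectQuery` structure that stands in for the parsed SPARQL algebra a real implementation would rewrite.

```python
"""Graph-scoped SPARQL rewriting for multi-domain Linked Data access control.
Added example, not ComVantage code. POLICY, STORE and the query structure
are constructed assumptions standing in for a real policy store, triple
store and SPARQL parser."""
from dataclasses import dataclass, field

BOM = "http://acme.example/g/bom"          # ACME's bill-of-materials graph
ORDERS = "http://acme.example/g/orders"    # ACME's internal orders graph
STOCK = "http://sup.example/g/stock"       # supplier's stock graph
HAS_PART, ORDERED = "http://schema.org/hasPart", "http://schema.org/orderedItem"
IN_STOCK = "http://sup.example/v/inStock"
PUMP, SEAL = "http://acme.example/p/pump-7", "http://acme.example/p/seal-3"
ORDER1 = "http://acme.example/order/1"

# Constructed policy: domain -> role -> graph -> permissions. Each domain
# decides only about its own graphs; a user's rights are the union.
POLICY = {
    "acme": {"acme:engineer": {BOM: {"read", "write"}, ORDERS: {"read"}},
             "partner": {BOM: {"read"}}},
    "sup":  {"sup:staff": {STOCK: {"read", "write"}},
             "partner": {STOCK: {"read"}}},
}
# Constructed sample data, one set of triples per named graph.
STORE = {BOM: {(PUMP, HAS_PART, SEAL)},
         ORDERS: {(ORDER1, ORDERED, PUMP)},
         STOCK: {(SEAL, IN_STOCK, '"120"')}}

def _term(t):
    """Variables and literals render as-is, IRIs in angle brackets."""
    return t if t.startswith(("?", '"')) else f"<{t}>"

@dataclass
class SelectQuery:
    variables: list
    patterns: list                              # basic graph pattern: (s, p, o) tuples
    dataset: set = field(default_factory=set)   # FROM graphs; empty = none requested

    def to_sparql(self):
        froms = "".join(f"\nFROM <{g}>" for g in sorted(self.dataset))
        body = " .\n  ".join(" ".join(_term(t) for t in p) for p in self.patterns)
        return f"SELECT {' '.join(self.variables)}{froms}\nWHERE {{\n  {body} .\n}}"

def authorized_graphs(roles, permission):
    """Graphs, across all domains, on which any of the roles holds `permission`."""
    graphs = set()
    for domain_policy in POLICY.values():
        for role in roles:
            for g, perms in domain_policy.get(role, {}).items():
                if permission in perms:
                    graphs.add(g)
    return graphs

def rewrite_select(query, roles):
    """Scope the dataset to readable graphs. A client-supplied FROM clause is
    intersected with the policy, never trusted; nothing left means deny (None)."""
    allowed = authorized_graphs(roles, "read")
    scoped = query.dataset & allowed if query.dataset else allowed
    return SelectQuery(query.variables, query.patterns, scoped) if scoped else None

def rewrite_insert(target_graph, triples, roles):
    """INSERT DATA is forced into one explicit GRAPH and needs write permission on it."""
    if target_graph not in authorized_graphs(roles, "write"):
        return None
    body = " .\n    ".join(" ".join(_term(t) for t in tr) for tr in triples)
    return f"INSERT DATA {{\n  GRAPH <{target_graph}> {{\n    {body} .\n  }}\n}}"

def _unify(pattern, triple, binding):
    """Extend `binding` so that `pattern` matches `triple`, or return None."""
    b = dict(binding)
    for pt, tt in zip(pattern, triple):
        if pt.startswith("?"):
            if b.get(pt, tt) != tt:
                return None
            b[pt] = tt
        elif pt != tt:
            return None
    return b

def evaluate(store, query):
    """Toy BGP evaluation over the union of the (already rewritten) dataset graphs."""
    if query is None:                           # rewriting denied the query
        return []
    triples = [t for g in query.dataset for t in store.get(g, ())]
    bindings = [{}]
    for pattern in query.patterns:
        bindings = [nb for b in bindings for t in triples
                    if (nb := _unify(pattern, t, b)) is not None]
    return sorted({tuple(b[v] for v in query.variables) for b in bindings})

def run_as(roles, query):
    """Full path: rewrite under the user's roles, then evaluate the scoped query."""
    return evaluate(STORE, rewrite_select(query, roles))

# Cross-domain query: parts of the pump and their stock at the supplier.
PARTS_IN_STOCK = SelectQuery(["?part", "?qty"],
                             [(PUMP, HAS_PART, "?part"), ("?part", IN_STOCK, "?qty")])
ORDERS_FOR_PUMP = SelectQuery(["?order"], [("?order", ORDERED, PUMP)])

if __name__ == "__main__":
    print(rewrite_select(PARTS_IN_STOCK, {"partner"}).to_sparql())
    print(run_as({"partner"}, PARTS_IN_STOCK))         # sees BOM and stock graphs
    print(run_as({"acme:engineer"}, PARTS_IN_STOCK))   # no stock graph -> no rows
    print(run_as({"acme:engineer"}, ORDERS_FOR_PUMP))  # internal orders visible
    print(run_as({"partner"}, ORDERS_FOR_PUMP))        # orders graph hidden -> no rows
```

The point to notice is that the same query yields different, policy-conformant answers for different users without any per-row filtering in the application: the rewriter only adds `FROM` clauses, and a `FROM` the client asked for is intersected with the policy rather than honoured, so a user cannot widen the dataset by naming a graph. Updates go through `rewrite_insert`, which refuses to produce an `INSERT DATA` for a graph the user may only read. A production implementation would operate on the parsed SPARQL algebra rather than this toy structure, and would have to handle `FROM NAMED`/`GRAPH` patterns and the other update forms the same way.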