Citation Context

... to deceive in some way (as the etymology of the word, deriving from the Greek word, ψευδος-false, suggests). ASSERTION An assertion is a well-formed statement, claimed to be true for a given context =-=[78]-=-. It is used in the same sense as the logical term “proposition” except that it is claimed to be true. An atomic Subject-Predicate-Object statement as used in RDF [1.3.4] is an example of an assertion...

Citation Context

...ively e.g. "is that GEORGE W. BUSH?" - "Yes I think it is". As further support for this semantic model theory, the reader is referred to cognitive science models [74], the philosophical work of Fodor =-=[75]-=-[76] on the language of thought hypothesis and the work of Chomsky [77]. MODEL SEMANTICS AND THE IDENTICAL RELATION. The identical relation holds between two identifiers when they refer to the same co...

Citation Context

...ists is often dictated by arbitrary criteria such as whether they have been selected by the browser vendor. Such decisions are also very time-consuming and users often make poor decisions as a result =-=[10]-=-. What is needed is a semantics describing trust-relevant properties of certificates, allowing users to make better trust decisions about providers and allowing them to set rules for automatic evaluat...

Citation Context

...y e.g. "is that GEORGE W. BUSH?" - "Yes I think it is". As further support for this semantic model theory, the reader is referred to cognitive science models [74], the philosophical work of Fodor [75]=-=[76]-=- on the language of thought hypothesis and the work of Chomsky [77]. MODEL SEMANTICS AND THE IDENTICAL RELATION. The identical relation holds between two identifiers when they refer to the same concep...

Citation Context

...4]. It has been shown, however that users are willing to invest very little time and effort in understanding identity management systems and in dealing with mechanisms for increasing their privacy [5]=-=[6]-=-. Government legislation imposes stringent requirements for privacy of personal information, but under certain conditions, has strong requirements for the disclosure of personally identifying informat...

Citation Context

... certain range – e.g. 18-65. The private credential systems used in prototyping the framework proposed in this report are based on the signature schemes and protocols of Camenisch and Lysyanskaya [56]=-=[57]-=-. Private credential systems based on one of these signature schemes are known as Idemix systems. Camenisch et al.[58] present the abstract syntax and semantics for a general private credential system...

Citation Context

...ics of representing data. This is clearly described in [42]. Because of the above problems, it was decided to use an alternative proposal for RDF metasemantics within the SWIM framework. Named graphs =-=[43]-=- is a proposal which resolves the above problems using an extremely simple syntax and clearly defined semantics for literals. The following is an example of how RDF/N3 syntax produces a named graph. :...

Citation Context

...in a certain range – e.g. 18-65. The private credential systems used in prototyping the framework proposed in this report are based on the signature schemes and protocols of Camenisch and Lysyanskaya =-=[56]-=-[57]. Private credential systems based on one of these signature schemes are known as Idemix systems. Camenisch et al.[58] present the abstract syntax and semantics for a general private credential sy...

Citation Context

...o protect user privacy, surveys also show that, given the choice, significant numbers of end-users prefer to minimise the amount of identifiable information disclosed in electronic transactions [2][3]=-=[4]-=-. It has been shown, however that users are willing to invest very little time and effort in understanding identity management systems and in dealing with mechanisms for increasing their privacy [5][6...

Citation Context

...etween the less open, centralized PKI-based approach and the very open web-of-trust approach clear. Probabilistic approach: The probabilistic approach proposed by Golbeck, Parsial, Hendler and others =-=[93]-=-[94], works without requiring cryptographic mechanisms. The fundamental idea of the approach is that if the same assertion is found multiple times on the Web, published by sites with appropriate reput...

Citation Context

...t actually requires which is that he/she must be over 160 cm tall. Bonatti and Samarati introduce the idea of sanitizing a request before sending it to the user, referring to this as policy filtering =-=[86]-=-. Although such constraints on data requests are worthy of consideration, it was decided not to include the minimisation of enterprise data revealed through policy data as a requirement since: Unless ...

Citation Context

...are based on the signature schemes and protocols of Camenisch and Lysyanskaya [56][57]. Private credential systems based on one of these signature schemes are known as Idemix systems. Camenisch et al.=-=[58]-=- present the abstract syntax and semantics for a general private credential system based on the cryptographic mechanisms of Camenisch and Lysyanskaya [56][57][59]. The Idemix system supports multi-sho...

Citation Context

...en the less open, centralized PKI-based approach and the very open web-of-trust approach clear. Probabilistic approach: The probabilistic approach proposed by Golbeck, Parsial, Hendler and others [93]=-=[94]-=-, works without requiring cryptographic mechanisms. The fundamental idea of the approach is that if the same assertion is found multiple times on the Web, published by sites with appropriate reputatio...

Citation Context

...nion directive 97/66/EC concerning the processing of data and the protection of privacy in the telecommunications sector.[62] European Union directive 2002/58 on privacy in electronic communications. =-=[63]-=- European Union directive 1999/93 on digital signatures. [64] European Union directive 2006/24 on data retention. [65] An explanation of the most important points of the European directives follows: 1...

Citation Context

... then "Bugs Bunny has pneumonia" is not personal data. PERSONALLY IDENTIFIABLE INFORMATION Personally identifiable information (PII) is a term commonly used in the context of data protection (e.g. in =-=[82]-=- to refer to “information which can be used to distinguish or trace an individual's identity”, see also [83]). In terms of the above definitions, this simply refers to data which is used to identify a...

Citation Context

...ing are the most important legislative texts which place requirements on technologies handling the transfer of personal data within the European Union. Convention 108 of the Council of Europe. (1981) =-=[60]-=- The 1980 Organisation for Economic Co-operation and Development (OECD) guidelines.[61] The European directive 95/46 on data protection. [7] European Union directive 97/66/EC concerning the processing...

Citation Context

... them require, in addition, a cryptographic hash function to be used. Appropriate hash functions are for example SHA-256 and SHA-512. Note that SHA-1 has been successfully attacked by Wang Yin and Yu =-=[96]-=-. In the domain of anonymous credential systems the most useful algorithms are the SRSA-CL and BL-CL algorithms of Camenisch and Lysyanskaya [56][57]. Both these algorithms are advanced signature algo...

Citation Context

...or.[62] European Union directive 2002/58 on privacy in electronic communications. [63] European Union directive 1999/93 on digital signatures. [64] European Union directive 2006/24 on data retention. =-=[65]-=- An explanation of the most important points of the European directives follows: 1.4.1 DIRECTIVE 95/46/EC The directive 95/46/EC on the protection of individuals with regard to the processing of perso...

Citation Context

...ANT RESEARCH WORK ON P3P P3P has formed the basis for a number of research initiatives including in the following areas: Enterprise privacy policy languages [9] Web services privacy policies see e.g. =-=[28]-=- Data handling policies for database access control 29Privacy rules languages (APPEL e.g. [18]) Modelling legislation using P3P – see [29] Generalised web policy languages [30] Privacy policy framewo...

Citation Context

... the protection of privacy in the telecommunications sector.[62] European Union directive 2002/58 on privacy in electronic communications. [63] European Union directive 1999/93 on digital signatures. =-=[64]-=- European Union directive 2006/24 on data retention. [65] An explanation of the most important points of the European directives follows: 1.4.1 DIRECTIVE 95/46/EC The directive 95/46/EC on the protect...

Citation Context

...3][4]. It has been shown, however that users are willing to invest very little time and effort in understanding identity management systems and in dealing with mechanisms for increasing their privacy =-=[5]-=-[6]. Government legislation imposes stringent requirements for privacy of personal information, but under certain conditions, has strong requirements for the disclosure of personally identifying infor...

Citation Context

...meworks and in implementing technical architectures with formal machine readable ontologies based on this foundation. Some work has been done informally on defining identification, for example in [69]=-=[70]-=- and [71]. According to [71], there are two conflicting issues: offering people anonymity with multiple pseudonymous identities, and on the other hand protecting business interests and ensuring reliab...

Citation Context

...er about the batch number of the shoes they are wearing when they step on the tile, and the purchase details of those shoes are available. At this point, it is relevant to discuss the work of Kohntop =-=[81]-=-, which distinguishes between the full and partial identities of a pseudonym WRT an anonymity set. Traditionally, an identity is thought of as a fixed set of assertions, which can be said to identify ...

Citation Context

...the fact that the specification does not allow this, much of the research work on P3P centred around scenarios where P3P policies were attached to resources which were not obtained via http – e.g. [9]=-=[26]-=-[25] and for which a more flexible binding mechanism was required. The P3P 1.1 Specification provides a new binding mechanism to allow for increased granularity beyond the URI level and to allow polic...

Citation Context

...dentity Services, providing tools, syntax and protocols for RP‟s and IdPs. Higgins Identity Data Service which provides for interoperability and accessibility between different types of identity data.=-=[36]-=- 31OPENID OpenID is primarily a single sign-on system for web site logins, providing only limited possibilities for the management of identity data. The key differentiating feature of OpenID is that ...

Citation Context

...wn as Idemix systems. Camenisch et al.[58] present the abstract syntax and semantics for a general private credential system based on the cryptographic mechanisms of Camenisch and Lysyanskaya [56][57]=-=[59]-=-. The Idemix system supports multi-show unlinkability (point 1. above), that is, multiple transactions with the same private credential are unlinkable unless the attribute information allows for linka...

Citation Context

...to whom they have attributed IP addresses by analysing logs. On the other hand, a third party could discover the dynamic IP address of a user but not be able to link it to personal data. As stated in =-=[68]-=-, however, the possibility exists of linking the user‟s IP address to personal data, by invisible processing means such as cookies. The W3C standard, P3P [1.3.1] also shows considerable inconsistency ...

Citation Context

... frameworks and in implementing technical architectures with formal machine readable ontologies based on this foundation. Some work has been done informally on defining identification, for example in =-=[69]-=-[70] and [71]. According to [71], there are two conflicting issues: offering people anonymity with multiple pseudonymous identities, and on the other hand protecting business interests and ensuring re...

Citation Context

...1], there are two conflicting issues: offering people anonymity with multiple pseudonymous identities, and on the other hand protecting business interests and ensuring reliability and accountability. =-=[72]-=- also describes the protection of privacy in transactions in terms of a choice between identification of clients on one side and protection of anonymity on the other. [71] gives the following definiti...

Citation Context

...ion consumer. This is because a digital signature represents non-repudiable evidence, and allows the relying party to show the same artefacts, with the same degree of assurance, to another party (see =-=[91]-=-). Private credentials and Idemix: Private credentials (see [1.3.11]) provide a high degree of privacy through unlinkable transaction pseudonyms and flexible selective disclosure of data (they can pro...

Citation Context

...s to protect user privacy, surveys also show that, given the choice, significant numbers of end-users prefer to minimise the amount of identifiable information disclosed in electronic transactions [2]=-=[3]-=-[4]. It has been shown, however that users are willing to invest very little time and effort in understanding identity management systems and in dealing with mechanisms for increasing their privacy [5...

Citation Context

...s privacy. A key requirement coming from legislation is created by the principle of minimisation of data collection, whereby data collected by services should be minimal for the purpose required [3.2]=-=[7]-=-. This is an important requirement for the design of identity management solutions. Nevertheless, existing solutions almost always request more data than is required. For example, strictly speaking, f...

Citation Context

...ble processing means such as cookies. The W3C standard, P3P [1.3.1] also shows considerable inconsistency in its expression of identity issues. Consider the following phrase used in the specification =-=[8]-=-: “In order to consider the data anonymised, there must be no reasonable way for the entity or a third party to attach the collected data to the identity of a natural person". It is not clear what is ...

Citation Context

...rability of privacy preferences between enterprises. Many privacy enhancing technologies such as P3P (Platform for Privacy Preferences) [1.3.1][8] and EPAL (Enterprise Privacy Authorisation Language) =-=[9]-=- allow enterprises to make customisable agreements with end-users as to the data-handling practices applied to their data. However, existing frameworks do not provide for the subsequent transfer of th...

Citation Context

... {T1,T2} represents an unordered set with elements T1 and T2 Predicates are represented in abstract syntax as predicate name(argument1,argument2,argument3…) – and in concrete syntax using RDF RDF/XML =-=[11]-=- syntax or RDF/N3 syntax[12] or depending on the implementation context. Logical expressions use standard logic symbols for example: o denotes AND, as in P(a) AND P(b). o denotes OR, as in P(a) OR P(b...

Citation Context

...ered set with elements T1 and T2 Predicates are represented in abstract syntax as predicate name(argument1,argument2,argument3…) – and in concrete syntax using RDF RDF/XML [11] syntax or RDF/N3 syntax=-=[12]-=- or depending on the implementation context. Logical expressions use standard logic symbols for example: o denotes AND, as in P(a) AND P(b). o denotes OR, as in P(a) OR P(b). o a Є S:P(a) means that f...

Citation Context

...D tags (which return unique numbers when interrogated by a reader), pressure sensors, gesture recognition in clothes, etc. Even devices which react to changes in brain waves are already in the market =-=[13]-=-. The services are then delivered by interfaces which are also integrated into the environment. These might include interfaces such as: Visual Display Units (VDU), e.g. a computer screen. Intelligent ...

Citation Context

...ing act; 4. Users no longer have true freedom of choice because they are forced to participate in Ambient Services in order to carry out their every-day activities; 5. The users‟ spatial privacy (see =-=[14]-=-, [Glossary and abbreviations]) is much more under threat. DESCRIPTION In this scenario, a special type of pressure sensor has become an industry standard and is ubiquitously deployed in flooring syst...

Citation Context

... privacy enhancing identity management framework. We therefore describe it in detail below, as well as examining the requirements which it does not address. P3P 1.0 The W3C (Worldwide Web Consortium) =-=[15]-=- specification document gives the following description of P3P [8]: "The Platform for Privacy Preferences Project (P3P) enables Web sites to express their privacy practices in a standard format that c...

Citation Context

...vacy policy that applies to a web resource. Users define their privacy user preferences {4.} which are translated into a P3P XML version possibly using a graphical tool such as the JRC ruleset editor =-=[17]-=-. This typically specifies a set of data processing characteristics to look for in P3P policies and behaviours to execute if they are matched. The characteristics that the rules look for can be any of...

Citation Context

...or encoding user preferences in ECA rules [1.3.9, Event condition action rules (ECA)] which match aspects of P3P policies and perform one of 3 actions based on what is matched. According to the APPEL =-=[18]-=- specification and the behaviour of current implementations, the P3P user agent is similar in functionality to a traditional access control system. On the basis of the user‟s rules, the agent can choo...

Citation Context

...e decision is a request or a block. Limited: The third option is to limit the information transmitted in HTTP headers to a minimum required to perform the request (according to safe-zone requirements =-=[20]-=-. For example no POST data is transmitted and the http referrer header is not included. 27The following should be noted with reference to the P3P specification: APPEL has only W3C working group note ...

Citation Context

... is due to problems with adoption. Firstly, it has been noted that APPEL has important ambiguities. That is, two different syntactic variants of the same rule semantics lead to opposite decisions (see=-=[21]-=-, chapter 2.4). Secondly APPEL uses a very non-standard syntax for matching policy fragments. This impeded adoption due to the high investment needed in learning the policy matching syntax. An alterna...

Citation Context

... for matching policy fragments. This impeded adoption due to the high investment needed in learning the policy matching syntax. An alternative rule syntax has been proposed by [22], using W3C‟s XPATH =-=[23]-=- standard to match policy fragments. P3P does not interact with the user‟s data store or manage selection of identity information for transmission. It cannot therefore be considered a full-blown ident...

Citation Context

...d in situations where policies apply to only a subset of the content associated with a given URI. For example, 28while P3P 1.0 can be used to apply a P3P policy to an entire form specified by XForms =-=[25]-=-, it cannot be used to apply the policy to only a single form field. This is an important scenario since different data-handling practices are often applied to different types of information within a ...

Citation Context

...e, all statements concerning the ecommerce pages in a web site might be displayed together under a single heading according to the group metadata provided. This is also useful for policy editors e.g. =-=[27]-=- wishing to provide metadata for grouping statements under relevant headings. It can also be useful as an optimization in decision making, allowing user-agents to make decisions based on group metadat...

Citation Context

... policy languages [9] Web services privacy policies see e.g. [28] Data handling policies for database access control 29Privacy rules languages (APPEL e.g. [18]) Modelling legislation using P3P – see =-=[29]-=- Generalised web policy languages [30] Privacy policy frameworks for ubiquitous computing. [26] P3P in access-control languages e.g. [31] REQUIREMENTS NOT ADDRESSED BY P3P This thesis proposes a new i...

Citation Context

...guages (APPEL e.g. [18]) Modelling legislation using P3P – see [29] Generalised web policy languages [30] Privacy policy frameworks for ubiquitous computing. [26] P3P in access-control languages e.g. =-=[31]-=- REQUIREMENTS NOT ADDRESSED BY P3P This thesis proposes a new identity management framework addressing requirements not covered by existing solutions. It is therefore important to note the following s...

Citation Context

...management of identity data. The key differentiating feature of OpenID is that a federated identity is represented by a URL which is published either by the user themselves or by an identity provider.=-=[37]-=- SAML SAML (security assertions markup language) is not a complete identity management framework, but rather a component which aims to provide a format for the request and exchange of identity asserti...

Citation Context

...ions developed by W3C, designed to standardise not the way data contained in web resources is presented to end-users, but the way it is presented to machines. RDF RDF (Resource Description Framework) =-=[39]-=- is a language used for expressing machine-readable data in an interoperable way. RDF is used as the basis for OWL (Web Ontology Language) [1.3.7], the ontology language used in the SWIM framework. It...

Citation Context

...adable. Unlike XML, RDF has an explicit semantic model theory, making it easier to be precise about the meaning of data expressed using RDF syntax. Technologies such as RSS (Really Simple Syndication)=-=[40]-=- are based on RDF and provide machine-readable meta-data on the semantics of human-readable pages. RDF specifies an abstract graph syntax which describes triples (subject, predicate, object) in terms ...

Citation Context

...his requires a meta-semantics for RDF whereby parts of the graph itself can be named and referenced by other parts of the graph. The first attempt to do this was within the original RDF specification =-=[41]-=-. Each term of a triple is labelled using a separate triple which designates that it is either the subject, the object, or the predicate of a triple with a given name. This had various problems: 33It...

Citation Context

...s the reference of the literal, or the string as a representation of the literal which is referred to. This causes serious problems in the semantics of representing data. This is clearly described in =-=[42]-=-. Because of the above problems, it was decided to use an alternative proposal for RDF metasemantics within the SWIM framework. Named graphs [43] is a proposal which resolves the above problems using ...

Citation Context

.... For example, the property named “XXX1” in an OWL ontology may be expressed as “spam sensitive data” or “contact data” in human-readable translations, depending on the context. Methodologies such as =-=[44]-=- exist for capturing, validating and encoding domain concepts and human readable strings in multiple languages. The results may even include specification of how concepts may be represented visually. ...

Citation Context

...or performance since RDFS parsers and reasoning engines are generally much faster than OWL engines due to the smaller number of rules which have to be processed. 1.3.7 OWL (WEB ONTOLOGY LANGUAGE) OWL =-=[46]-=- is a formal ontology language with more expressive power than RDFS. It contains a much larger range of ontological concepts for describing relationships between classes and properties. For example it...

Citation Context

...ntologies and inferencing based on them is handled using a rule-syntax [1.3.9] and inference engine. 1.3.9 RULE LANGUAGES Although there are several initiatives working on standardised rule languages =-=[47]-=-[48][49], at the time of writing, there is no global standard mature enough for describing the rules used in the SWIM framework. It was therefore decided to use the rule language specified within the ...

Citation Context

...ogies and inferencing based on them is handled using a rule-syntax [1.3.9] and inference engine. 1.3.9 RULE LANGUAGES Although there are several initiatives working on standardised rule languages [47]=-=[48]-=-[49], at the time of writing, there is no global standard mature enough for describing the rules used in the SWIM framework. It was therefore decided to use the rule language specified within the JENA...

Citation Context

...s and inferencing based on them is handled using a rule-syntax [1.3.9] and inference engine. 1.3.9 RULE LANGUAGES Although there are several initiatives working on standardised rule languages [47][48]=-=[49]-=-, at the time of writing, there is no global standard mature enough for describing the rules used in the SWIM framework. It was therefore decided to use the rule language specified within the JENA API...

Citation Context

...ntic structure is defined across multiple triples and allows a rule to collect those triples together in one place. Rules may be nested. A complete description of the rule syntax used can be found in =-=[51]-=-. BACKWARD CHAINING RULES Backward chaining rules insert the condition into the data if it is a valid premise for a conclusion contained within the data. They are written as follows. conclusion, ... c...

Citation Context

...s a conflict between the actions (e.g. request and block). It should also specify what happens if no rule fires so that there is always a well-defined outcome. 1.3.10 SPARQL RDF QUERY LANGUAGE SPARQL =-=[52]-=- is a SQL-like query language specifically designed for querying over RDF triples in an assertion store. It is a W3C recommendation for describing RDF graph patterns. The simplest graph pattern is the...

Citation Context

...credentials is based on the cryptographic technique of zero-knowledge proofs, that is, proofs that do not reveal any further information than the validity of the assertion. Zero-knowledge proofs (see =-=[55]-=-) can be compressed into one message or be interactive, each having different advantages. Of course, with a set of private credentials, evidence for assertions can only be created if the assertion is ...

Citation Context

...d. Current literature, as will be shown, does not provide a consistent model of identity concepts. A survey of regulatory descriptions of identity reveals a lot of confusion. The US patriot act, 2001 =-=[66]-=-, for example, mentions the words „identity‟ and „identification‟ 72 times, without once attempting to define them. The EU data protection directive 95/46/EC [7] refers to identity as follows: 1. "an ...

Citation Context

...out the data subject in question. 432.2 MODEL AND DEFINITIONS FOR ELECTRONIC IDENTITY 2.2.1 SEMANTIC MODEL THEORY In common with the formal ontology community and in particular, the RDF model theory =-=[73]-=- adopted by the W3C, a 3-layered semantics is assumed. This semantics has a many-to-many relationship between layers, as defined by “reference”. The layers are: Identifiers: Identifiers are used to re...

Citation Context

...which can only be indicated demonstratively e.g. "is that GEORGE W. BUSH?" - "Yes I think it is". As further support for this semantic model theory, the reader is referred to cognitive science models =-=[74]-=-, the philosophical work of Fodor [75][76] on the language of thought hypothesis and the work of Chomsky [77]. MODEL SEMANTICS AND THE IDENTICAL RELATION. The identical relation holds between two iden...

Citation Context

...support for this semantic model theory, the reader is referred to cognitive science models [74], the philosophical work of Fodor [75][76] on the language of thought hypothesis and the work of Chomsky =-=[77]-=-. MODEL SEMANTICS AND THE IDENTICAL RELATION. The identical relation holds between two identifiers when they refer to the same concept. This identical relation forms the core of the model of identity ...

Citation Context

... assertion that finger print files are unique to persons. 2.2.3 IDENTICAL RELATION OF TWO PSEUDONYMS. A central axiom in this model of identity is Leibniz‟ principle of the identity of indiscernibles =-=[79]-=-, which defines the relation identical (denoted == and ≠= for its inverse) for two identifiers (pseudonyms in this model) as follows. Let A be a set of assertions and p1 and p2 are pseudonyms. Then, p...

Citation Context

...hrough Interpol to a barman (Peter Neil Hamkin) in Liverpool, UK. The barman however claimed he had never been to Naples and it was then discovered that there was an error in the police DNA archives (=-=[80]-=- is an example press report of this story). Pseudonyms: Murderer, Barman The following assertions apparently uniquely identify barman as the murderer (Murderer==Barman) according to the method of func...

Citation Context

...ous party subverts reputation-based authentication systems to deny authorization to the victim. Reputation may be combined with other forms of authentication as in web-of-trust architectures like PGP =-=[85]-=-. 2.2.11 SCENARIO: IDENTITY THEFT The person referred to by a pseudonym p1 can steal the identity of a person referred to by pseudonym p2 by falsifying assertions (using misleading evidence) such that...

Citation Context

... LAYER The data typing schema for P3P [1.3.1] has been particularly problematic largely because of problems with ill-defined semantics and non-standard syntax [21]. Even P3P1.1‟s XML schema mechanism =-=[87]-=- requires XML schemas to be written with special constraints. It is extremely timeconsuming for application developers to use specialized syntax for describing data types to which privacy and identity...

Citation Context

...emes is the Swiss federal data protection act, which sets out voluntary certification requirements and motivates businesses to comply by providing exemption from expensive reporting requirements (see =-=[89]-=-). 65REQUIREMENT 16. The framework should provide data structures which facilitate efficient audit and enforcement of data processing events. 3.10 SEMANTIC INTEGRATION INTO CROSS-PLATFORM DATA STRUCT...

Citation Context

...very high degree of probability that the DS is in possession of the secret (and therefore that the assertion is true). Web of trust: The web of trust is the model underlying Pretty Good Privacy (PGP) =-=[92]-=- ; the model provides a certification infrastructure for assertions without a centralized or hierarchic structure. In PGP, the assertions make statements on bindings between public keys and identities...

Citation Context

... secret, and token. For example, nonelectronic credentials used in face to face may lead to different values of this property. Recent related work on authentication assurance levels, such as [98] and =-=[99]-=- may be used as a basis for a comprehensive implementation of this part of the ontology. Identity provider trust This is a set of categories which can be used to categorise providers issuing certifica...

Citation Context

...types of certificates. Security method This is a classification of the security evaluation criteria applied within the authentication scheme of the identity provider. Examples include Common Criteria =-=[100]-=-, ISO 27001/27002 [101][102] COBIT [103] and ITIL [104]. In order to carry any weight in demonstrating compliance with the criteria, a reference is needed to the accreditation body which has verified ...

Citation Context

...his is a classification of the security evaluation criteria applied within the authentication scheme of the identity provider. Examples include Common Criteria [100], ISO 27001/27002 [101][102] COBIT =-=[103]-=- and ITIL [104]. In order to carry any weight in demonstrating compliance with the criteria, a reference is needed to the accreditation body which has verified the compliance along with some evidence ...

Citation Context

...fication of the security evaluation criteria applied within the authentication scheme of the identity provider. Examples include Common Criteria [100], ISO 27001/27002 [101][102] COBIT [103] and ITIL =-=[104]-=-. In order to carry any weight in demonstrating compliance with the criteria, a reference is needed to the accreditation body which has verified the compliance along with some evidence (e.g. a digital...

Citation Context

... than XML. For example, OWL describes the problematic relationships of the P3P 1.0 data schema much more efficiently and in standard syntax. This work builds on existing work on an RDF Schema for P3P =-=[108]-=-. Perhaps the most notable improvement to this work provided here is the modelling of the P3P base data schema as a class hierarchy, using the abovementioned data typing ontology [4.2.5]. This reduces...