Summary
Collaboration among stakeholders of a common product value chain within a virtual enterprise requires process and data interoperability. However, stakeholders want to decide which internal resources are shared with partners and which stay confidential. Building trust between partners with respect to cross-domain user authentication, user authorization and trustful UI interaction paradigms is a key aspect of successful and deep collaboration.
In the ComVantage project, a framework for trustful inter-organizational collaboration was developed. The main objective is to provide a fine-grained access control model that supports a decentralized approach to authentication and authorization. The framework enables the negotiation, establishment, management, monitoring and enforcement of security policies between collaborating partners for access to Linked Data sources in a multi-domain environment. Furthermore, the proposed framework is designed to enable the integration of complex environments as well as micro companies.
For the provisioning of trust, the ComVantage approach complements traditional XACML role-based multi-domain access control models, including SAML authentication, which are useful for controlling access to dynamically changing Linked Data information. The approach features innovative SPARQL rewriting capabilities based on graph data sets (RDF triple stores) to deal with the security needs of mobile inter-organizational information sharing. In this way, identity federation and the interchange of security credentials are performed first and, afterwards, a multi-tiered authorization process takes place to provide multi-domain access control for Linked Data. Thus, the ComVantage approach secures access to information and allows only authorized users to modify and update it as Linked-Data-based information.
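The general idea of dataset-based SPARQL rewriting can be sketched as follows. This is an added illustration, not ComVantage code: the role names, graph IRIs and the `ROLE_GRAPHS` table (standing in for the role-based policy decision) are assumptions, and the regex handling is a simplification of real SPARQL parsing.

```python
import re

# Constructed policy (assumption): role -> named graphs that role may read.
ROLE_GRAPHS = {
    "supplier_technician": ["http://example.org/graphs/machine-status"],
    "oem_engineer": ["http://example.org/graphs/machine-status",
                     "http://example.org/graphs/maintenance-history"],
}

# Constructed client query that tries to select its own dataset.
SAMPLE_QUERY = """PREFIX ex: <http://example.org/ns#>
SELECT ?machine ?state
FROM <http://example.org/graphs/pricing>
WHERE { ?machine ex:state ?state }"""

# Client-supplied dataset clauses: FROM <iri> and FROM NAMED <iri>.
_DATASET_CLAUSE = re.compile(r"\bFROM\s+(?:NAMED\s+)?<[^>]*>\s*", re.I)
# Start of the query pattern: optional WHERE keyword, then the opening brace.
_PATTERN_START = re.compile(r"(?:\bWHERE\b\s*)?\{", re.I)
# Prologue (PREFIX/BASE) followed by a read-only query form.
_READ_ONLY = re.compile(
    r"\s*(?:(?:PREFIX\s+\S+\s*<[^>]*>|BASE\s+<[^>]*>)\s*)*(?:SELECT|ASK)\b", re.I)
# Federated SERVICE calls leave the local dataset, so they are refused
# (conservative: also refuses a literal that contains the word).
_SERVICE = re.compile(r"\bSERVICE\b", re.I)


def allowed_graphs(roles):
    """Union of the graphs granted to the caller's roles (deny by default)."""
    return sorted({g for r in roles for g in ROLE_GRAPHS.get(r, [])})


def rewrite_query(query, roles):
    """Replace the client's dataset with the graphs its roles may read."""
    graphs = allowed_graphs(roles)
    if not graphs:
        raise PermissionError("no graph is authorized for roles %r" % (roles,))
    if not _READ_ONLY.match(query) or _SERVICE.search(query):
        raise ValueError("only SELECT/ASK without SERVICE is handled here")
    stripped = _DATASET_CLAUSE.sub("", query)  # drop what the client asked for
    start = _PATTERN_START.search(stripped)
    if start is None:
        raise ValueError("no query pattern found")
    dataset = "".join("FROM <%s>\nFROM NAMED <%s>\n" % (g, g) for g in graphs)
    return stripped[:start.start()] + dataset + stripped[start.start():]
```

Because the dataset is fixed by the rewritten `FROM` and `FROM NAMED` clauses, a `GRAPH <...>` pattern that names an unauthorized graph simply matches nothing.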