Privacy in Supply Chains
what to share
My (first party) identity provided to the e-Merchant (second party) as I transact online seems to raise no privacy concern as long as there is no third- or fourth- and so-on party owns that piece of information without my knowledge. Just the same as the county office does not share my marriage license information with other state or federal offices. Yes, I am willing to take the risk to provide my identity and accept the fact that these online merchants or regulatory offices do record that information; in return, I enjoyed the convenience to conduct commerce in cyber space without moving much of my 'behind,' or obtain a certification that now I can file a joint tax return (of course, I am assuming the IRS of USA does validate any claimed marriage).
Privacy is an issue when my identity is being shared, with or without my knowledge. If the information is shared by disclosure, privacy preservation approach can be taken. If the information is open to limited access, then general access control can be implemented. In a supply chain, the information sharing is considered amount any two parties, and each party has the intention that such sharing is beneficial in some way. Yet the information to be shared takes on different characteristics than personal information such as the identity.
For example, information quality is one of the features of the shared information that we will consider in supply chains. To determine what quality of information is to shared, we derive the relationship of the two parties at the time of sharing. Yes, that relationship, even of the same two parties, can vary over time, as if it is during the work-in-progress time frame, or if it is at the time of delivery. The quality furthers depends of the individual preferences of the two parties. That is, once the relationship (similar to role in Role-Based Access Control) is determined, dynamically, individual preferences will be evaluated and an entitlement will be generated for one party (in this case, the requestor).
The entitlement can be enforced in the RFID-IS if information is RFID-based and RFID-related. One of the information qualities will be structurally dependent - i.e., depth and/or breadth. We are looking at this Relationship-Based Access Control in details within the next six months.
Privacy is an issue when my identity is being shared, with or without my knowledge. If the information is shared by disclosure, privacy preservation approach can be taken. If the information is open to limited access, then general access control can be implemented. In a supply chain, the information sharing is considered amount any two parties, and each party has the intention that such sharing is beneficial in some way. Yet the information to be shared takes on different characteristics than personal information such as the identity.
For example, information quality is one of the features of the shared information that we will consider in supply chains. To determine what quality of information is to shared, we derive the relationship of the two parties at the time of sharing. Yes, that relationship, even of the same two parties, can vary over time, as if it is during the work-in-progress time frame, or if it is at the time of delivery. The quality furthers depends of the individual preferences of the two parties. That is, once the relationship (similar to role in Role-Based Access Control) is determined, dynamically, individual preferences will be evaluated and an entitlement will be generated for one party (in this case, the requestor).
The entitlement can be enforced in the RFID-IS if information is RFID-based and RFID-related. One of the information qualities will be structurally dependent - i.e., depth and/or breadth. We are looking at this Relationship-Based Access Control in details within the next six months.