Academic journal article International Journal of Electronic Commerce Studies

Securing Virtual Enterprises: Requirements and Architectural Choices

Academic journal article International Journal of Electronic Commerce Studies

Securing Virtual Enterprises: Requirements and Architectural Choices

Article excerpt

ABSTRACT

Cooperative environments where multiple organizations interact for providing e-services to their customers are widely diffused and often referred as virtual enterprises. IT systems supporting these inter-organizational models must be designed by taking into account both functional and non-functional issues. Among the non-functional issues, information security solutions play an important role as mechanisms for reinforcing trust among members of a virtual enterprise and their supplier/customers. In this paper, we outline a set of non-functional requirements for IT systems supporting virtual enterprises, and describe the federated identity management system which has been implemented in the context of an EU project (LD-CAST) as an example of a trust-reinforcing mechanism.

Keywords: Digital Platform, Identity Management Systems, Virtual Enterprise, Circle of Trust

1. INTRODUCTION

The increasing needs for complex products and services in competitive markets require new cooperative models based on networked forms individuals, communities and organizations. In this context, the interoperability of systems and organizations, enabled by standards and technologies, represents a central requirement towards flexibility, a strategic attribute for competitive organizations1. Several contributions in the organizational literature identify virtual enterprises as innovative configurations able to increase the benefits of inter-organizational cooperation 2.

A Virtual Enterprise (VE) can be defined as a "temporary organization of companies that come together to share costs and skills to address business opportunities that they could not undertake individually"3. In other words, it is a temporary alliance of (usually small and medium sized) enterprises that join together to share skills or core competencies and resources in order to better respond to business opportunities, and whose cooperation is supported by computer and communication networks4. Thus a VE can be considered as a weakly-connected system where participants define their actions independently in order to achieve a common goal5, and participant cooperation is supported by computer networks6, 7, 8. Moreover, when the business opportunity terminates, the units leave the network and give rise to new forms of organizations.

The main obstacles to the development of VEs have been identified in the limits of their supporting cooperation platforms, and in the inefficiency of their organizational configurations. Furthermore, there is a lack of mechanisms aimed to increase trust and security in these online settings9, 10. More generally, a critical element in the implementation process of inter-organizational systems is represented by the identification of information to be shared and their quality characteristics. Among these characteristics, information security plays a crucial role as the enabler of trust11, 12, 13, which is particularly needed when ownership relations among partners are lacking, and a strong integration is required14, 15, 16, 17, 18. In particular, we refer here to the concept of "systemic trust" which has been introduced by Sztompka19 as the combination of institutional, technological and commercial trust.

Previous conceptual works have focused on the role of federated identity management systems as trust-reinforcing mechanisms when multiple organizations need to cooperate12, 20, 21. These security solutions are based on a combination of several technical, administrative, and informal aspects in order to ensure the expected benefits9. They represent an alternative to the most common centralized architectures which pose a number of issues when access control is needed across organizational boundaries.

In this paper, we aim to explore the characteristics of trust-reinforcing mechanisms in the context of virtual enterprises. Furthermore, we aim to understand to what extent federated identity management systems represent a suitable solution to security issues in this domain. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.