Personal and private information about consumers resides in a variety of databases owned by multiple organizations. Value-added service providers would like to access this information for the purpose of offering improved and personalized services to consumers. However, a lack of trust between consumers, information owners, e.g., owners of information sources, and application service providers is preventing the unlocking of the personalization potential.
Currently, trust is managed on a bilateral basis. Information owners vet the application service providers (ASPs), and the ASPs or the information owners provide opt-in mechanisms for users. This requires an ASP to work with each information owner in order to deliver a new service offering the owner's information, a process that significantly increases the business overhead and time to market of innovative services.
Moreover, at present, consumers are wary that ASPs may misuse their information that is maintained by and available from information owners. In addition, bilateral agreements between information owners and ASPs are time-consuming and often impossible when a small ASP is trying to work with a large information owner, e.g., an Information Provider. For example, cell-phone-based location determination technology exists today, but a small location-based ASP cannot offer any value-added services incorporating this information because the small provider is not in a position to negotiate with larger mobile communication services providers to obtain the information to share with users.
There are peer-to-peer solutions and protocols for the establishment of trust in an open marketplace. Such systems rely on one-to-one interactions to arrive at decisions to support resource exchange. They are concerned with protocols for performing these negotiations, deal with willful or accidental violations of protocols in peer-to-peer exchanges, and provide mechanisms for preventing such violations. Moreover, current systems for establishing trusted relationships are based upon brands (for business-to-consumer and business-to-business relationships) or upon three-way relationships where a broker in between assumes the liability of transactions. Brands take years to develop, and broker-based approaches, though suitable for traditional commerce, are unsuitable for establishing fine-grained control in a dynamic open information services marketplace. For example, a user may use an e-commerce website such as Amazon or eBay® based upon reputation, or an online merchant may accept a payment from a stranger using a credit guarantor such as the Visa or Mastercard network as broker. Two issues with such arrangements are: (a) the establishment of one-to-one relationships is static and (b) transaction control is coarse-grained. Thus, these approaches do not extend to a marketplace model where information owners, end-users, and application service providers create dynamic partnerships and fine-grained control over release of information (or equivalently delivery of services) is achieved by taking into account competing preferences of all the participants.
Solutions to the problem of secure exchange of private and/or sensitive information between information owners and ASPs have focused only on a subset of the four dimensions of trust and on enabling coarse-grained control, e.g., access or no access, to settlements, that is, exchanges which occur in response to establishment of trust and transaction of business. This is because these solutions are being offered by either the information owners or the ASPs. Moreover, trust relationships moderated by a third party work fine for the scenarios they were designed for, but a more open information marketplace requires explicit authorization and fine-grained control to mediate access to confidential and/or sensitive information housed by an information provider/source, which current solutions do not attempt to provide. For instance, the current approaches utilize coarse-grained control over whether or not a party has access to a settlement mechanism. There is a need for a technique that constructs a detailed information model for the information provided by each owner/source, that enables fine-grained control, and that can dynamically change permissions over time. Additionally, the ability to separately input policies, laws, and regulations that govern access and behavior is needed.