Article ID: | iaor20083108 |
Country: | Netherlands |
Volume: | 43 |
Issue: | 2 |
Start Page Number: | 675 |
End Page Number: | 685 |
Publication Date: | Mar 2007 |
Journal: | Decision Support Systems |
Authors: | Li Eldon Y., Du Timon C., Wong Jacqueline W. |
Corporate collaboration allows organizations to improve the efficiency and quality of their business activities. It may occur as a workflow collaboration, a supply chain collaboration, or as collaborative commerce. Collaborative commerce uses information technology to achieve a closer integration and better management of business relationships between internal and external parties. There are many emerging issues in collaborative commerce and one of them is access control. To implement collaborative commerce, interfaces between the system elements of the organizations that are involved in the collaboration are needed. However, access control policies are often inconsistent from interface to interface, and therefore conflict resolution should be considered to resolve multilevel access control policy problems. Many studies propose different rules for the resolution of the conflict between access control policies, but little attention has been given to the relationship between the groups or subject classes that represent the different types of corporate collaboration. In this paper, the format of corporate collaboration is considered, and the conflicts between the access control policies of interfaces are addressed. Some general guidelines, other than those that relate to minimum privilege on duty and maximum privilege on sharing, are proposed.