Operational Challenges in Deploying Trust Management Systems - A Practical Perspective
With the exponentially increasing number of transactions being performed online, it has become critical to ensure that any electronic transaction can be associated with the electronic persona who has carried out the transaction. Furthermore, it is very important to ensure that this electronic persona can be associated with a real human persona. This need has been highlighted by the regularity with which security measures are breached. In the event of a breach or a failure of security, it is very important to determine the real person associated with the transaction in question so that accountability can be fixed and appropriate follow-up actions taken. This requirement of accountability must be fulfilled with the same degree of rigour that we are used to in traditional paper-based systems, where transactions are authorized and accountability fixed by the use of “wet” signatures. Unless we are able to practically achieve this same level of accountability in electronic systems, reliance on paper-based systems will continue.
Associating a transaction with a real human person has two steps. First, the transaction must be associated with an electronic identity. The simplest example of this is a user-name. The second step is associating the given electronic persona with a real human persona. This is usually a matter of policy, although there are some technologies, like biometrics, which could help establish this association if deployed carefully. Both these associations must be made with the requisite level of rigour if they are to be used as the basis for accountability.