Relationship-based federated access control model for EPC Discovery Service

Abstract

EPCglobal network was designed aiming at sharing information and increasing interoperability, effectiveness and visibility of the supply chain networks via RFID-enable technologies, open architecture, and item-level data query. Since the network needs to manage billions of nodes, machines and users with sensitive information stored in distributed heterogeneous databases from multiple parties, a secured global scaled EPC Discovery Service (EPCDS) system is needed for managing and facilitating the communications among participants. EPCDS is responsible for distributing as well as retrieving the target data. On one hand, it serves as an information sharing bridge among different entities; on the other hand, many of these shared information are business sensitive, and thus cannot be shared without control. Security and privacy has been a major concern for EPCDS. The most critical problem exists when entities have independent but conflict security needs, known as interdependent security threat. In this paper we propose a relationship-based federated access control model to solve the interdependent security problem. The effectiveness of this model is ensured by the proposed decision aggregation rule, which computes individual entity's security decision into a holistic network decision. Our proposed model distinguishes itself from previous works in that it is the first paper that examines in details the interdependent security threat and its countermeasure under the EPCDS network context. The model satisfies all the six key requirements discussed in the paper. Moreover, the access control enforcements are implemented at both EPCIS and the EPCDS levels, which satisfy the security demands of each individual entity as well as the supply network as a whole.