Secure resource sharing on cross-organization collaboration using a novel trust method

A virtual enterprise (VE) consists of a network of independent, geographically dispersed administrative business domains that collaborate with each other by sharing business processes and resources across enterprises to provide a value-added service to customers. Therefore, the success of a VE relies on full information transparency and appropriate resource sharing, making security and trust among subjects significant issues. Trust evaluation to ensure information security is most complicated in a VE involving cross-organization collaboration. This study presents a virtual enterprise access control (VEAC) model to enable resource sharing for collaborative operations in the VE. A scenario for authentication and authorization in the life cycle of a VE is then described to identify the main activities for controlling access. Also developed herein is a trust evaluation method based on the VEAC model to improve its security while safeguarding sensitive resources to support collaborative activities. The trust evaluation method involves two trust evaluation sub-models, one to evaluate the level of trust between two virtual enterprise roles, and another to measure the level of trust between two projects. The two sub-models support each other to make resource-sharing decisions, and are developed based on the concepts of direct, indirect, and negative trust factors. Finally, an example of measuring the trust between two subjects is demonstrated after introducing the two sub-models. The VEAC-based trust evaluation method enables the following: (1) secure resource sharing across projects and enterprises, (2) collaborative operation among participating workers, (3) increased information transparency and (4) lowered information delay in VEs. (c) 2006 Elsevier Ltd. All rights reserved.