An Invention of a Ubiquitous Access Management System - Research Paper Example

Invention of a Ubiquitous Access Management System (UbAMS) by comparing the Existing Federated Access Management Systems (FAMS) according to different criteria Abstract The existing access management systems (AMS) and federated access management systems (FAMS) do not provide security and privacy as desired from them. These systems tend to have trust, identification and biased services issues related to them. Along with these performance issues; lack of personalization, usability and accessibility issues also reside. After extensive analysis of the current systems, a new term has been invented for an innovative system that will address all the limitations and constraints of AMS and FAMS- Ubiquitous Access Management Systems (UbAMS). UbAMS will provide access to users to their web accounts and services from any access management system rather than providing access to a specific set of systems. It will also provide personalization features, alongside compliance with accessibility and usability standards. 1. Introduction The modern world is highly competitive in terms of being equipped with the latest information and technology. The advent of internet aggravated this desire since it provided avenues of being connected with the world. Different services started being offered on the web that created the need for the users to make online accounts. Online accounts needed the entry of personal information and details. Another aspect that threatened information revolves around the fact that organizations made their customers’ data available on the net so that their services could be availed online. The availability of an ocean of knowledge and personal information tempted the malicious users to use this data for criminal purposes and different techniques were invented to threaten the privacy of the users. The violation of the privacy of the users created a daunting need for rights management systems that would be able to filter the users [1, 2]. Access management systems provided access rights for a specific system only to the users whose identity could be verified by the system [3, 4]. This was a major improvement with respect to security breach of personal details and identity attributes. However, access management systems seemed to lack in the area of providing unified access across several systems; these systems provided identity management to single systems or organizations [5-10]. The constraint of limited access and maintenance of multiple accounts for accessing different organizations did not meet the highly competitive needs of the modern world. Therefore federated access management systems were created to provide access to several systems and organizations through a unified identity [11-14]. Federated access management systems reduced the need to maintain several accounts and also facilitated the tracking of the information that is revealed on the web. It is very common for individuals to forget the information that is given at the time of registration for different accounts and services. Federated access management systems provided a single domain that would be providing access to several accounts therefore information was maintained only on a single source. 2. Current Issues After the passage of time, the limitations with the federated access management systems started being witnessed. The federated access management systems do not offer federated access to all systems and services. On the contrary, they provide access to only a set of organizations that have agreed to collaborate with each other. Therefore the concept of unified access is not catered by the federated access management systems. There are certain criteria that should be met by federated access management systems (shall be discussed in the following sections) [15]; These criteria are not met by some federated access management systems since the information of the customers might be transferred through some unreliable intermediate sources, revealed to third parties etc. Many important FAMs are not able to collaborate and provide a unified access to other systems for example OpenID users cannot access Microsoft Passports with the OpenID account. This proves to be contrary with the claim of federated access management system since they do not provide unified access to all systems and organizations. A complete federated access management system should be able to provide access to all the users irrespective to their accounts’ origin. Along the same lines, access management systems should be able to cater to all the different needs of their customers. Any user should be able to use the system and gain access to any service via an accessible and usable interface. Some other issues that are prevailing in the field of federated access management systems are that these systems do not offer different languages due to which people of other origins and cultures stay deprived of the revolutionary services. Neither do these systems provide the compatibility with assistive technology that would make the services accessible to users with disabilities. These systems do not even comply with the usability standards to make them usable for the greater section of users. 3. Analysis of Federated Access w.r.t Different Criteria The federated access management systems are evaluated with respect to different criteria; the major classifications of the criteria are the different factors of federated access management systems and accessibility/usability aspects of the system. The following figure shows the classification of the criteria: Figure 1: Classification of the criteria As stated earlier, the criteria of analyzing the effectiveness of a federated access management system includes the following factors; Trust American Heritage defines trust as the confidence on the integrity, capability of a thing or person [54]. Customers trust the access management system to safeguard their data. The data has to be protected to the extent that it should not even be forwarded via an unreliable intermediate source. The trust implications are more easily deployed if the access management system provides access to a single organization or system rather than multiple sources [15]. Trust is one of the important criteria of any service since the user will be revealing his personal information to the respective source. Security Security can be defined as freedom of danger or risk of any sort [54] therefore only authorized parties are allowed to access the data to enforce security in AMS. Several techniques may be used to ensure that security is provided to the customer’s data for example biometric authentication, security electronic tokens, encryption algorithms etc [16]. Security plays an important role in the acceptance of an AMS by the users; if the service is not providing security to its users then the sole purpose of the system is futile. Privacy Privacy can be defined as the right of the individual to keep his possessions or data safe from others [55].The users enter different forms of information in the access management systems like email addresses, login credentials for web accounts etc. It is the responsibility of the access management system to ensure that this information is not exposed to any third party [15]. Privacy is chosen as a criterion because the credentials of one user should never to be exposed to the other or any third party. Safeguarding of the individual’s privacy is one of the most important aspects of an AMS. Neutrality Neutrality can be defined as the instance when no sides are being supported; rather an equal amount of share is given to all [54]. All systems and organizations should be dealt according to the same scale and no service or organization should be given more priority in terms of utilization of the resources. It would not be justified to provide greater resources or better terms of service to one organization. Neutrality should be present in a system to ensure the user that all of his web accounts can be accessed without any biasness from the provider. Identity Identity is defined as the collective aspect of something by which it can be recognized [54]. The credentials should be able to identify the individuals in a reliable and effective manner. The credentials should be uniquely assigned to individuals to facilitate perfect identification results. It is important for a user to be identified on the basis of unique and confidential credentials therefore it has been chosen as a criterion. Personalization Languages and Culture Culture is defined as the beliefs, values, customs and material traits of a religious, social or racial group [56]. The latest trend in online services is to offer personalization of the service to suit the needs of the user. Access management systems need to introduce this element in their services so that a greater range of users can utilize the service for example language options, display settings, customized pages etc. Every culture has different views and opinions due to which it plays an important role in developing trust on something [57]. Researchers conclude that people from different cultures tend to trust different forms of technology for example some people associated with a specific culture might not rely on biometric security or might not rely on the platform of e-learning to gain knowledge [58], [59]. Culture is also related to the focus and sensitivity towards people with disabilities and hence their needs. The provision of choosing aspects w.r.t culture will make people more comfortable with the service since there are different inhibitions held by people from different culture for example; some cultures have a greater concern about the privacy on the web while some are not too worried about this factor. Language can be a barrier for many users if some service does not offer language options to choose from therefore language specification has been chosen as a criterion for an effective AMS. Culture preference is an important yet neglected field that requires much attention in the field of computing. Culture tends to affect the choices that people make and their likes or dislikes therefore different cultural options should be offered to the user for his convenience. It is due to this reason that culture has also been chosen as a criterion. Disabilities Disabilities are defined as impairments that might hinder in someone’s routine activities [54]. Nowadays many different types of users are found on the internet that might even include people with disabilities for example weak sightedness, blindness, deafness etc. This criterion will evaluate the degree of features that are available for people with disabilities. Assistive Technologies Assistive technology is defined as the technology that might facilitate the operation of a computer or some other technology [54]. This factor will evaluate if the access management system offers any compatibility with assistive technologies or not. 4. Evaluation of FAMS w.r.t criteria Trust Liberty Alliance considers trust as a major factor needed in the area of access management systems therefore they created an expert group to implement the Liberty Trust Framework [37]. The aim of this framework is to implement standards for identity transactions. Shibboleth also uses a framework for scalable trust and policy sets to ensure that customers can trust their service [38]. OAuth cannot be trusted in terms of mobile, desktop applications because the user login credentials are distributed with the application [44]. The rest of the discussed systems cannot be trusted since they are known to deliver data via unreliable third parties [17, 18, 30, 37]. Security Shibboleth follows the standard OASIS Security Assertion Markup Language (SAML) [21]. OAuth offers a secure service such that the viewers cannot view any other information than what is allowed by the user [43]. FingerID provides secure service due to the incorporation of fingerprint scans in the system. OpenID enables the user to sign in different services with single login credentials; the downside of this service is that an unreliable OpenID provider might leak this information to an unreliable source [19, 20]. Microsoft Passport is also feared for the security of the service due to its associated systems [30, 32]. Privacy Shibboleth uses a handle server that creates temporary sign-in attributes for a user. This information is used to sign-in the customer in the other services. This provides privacy to the customer because the third party site only deals with the temporary handle rather than the actual data of the customer [39]. OAuth and Liberty Alliance follow the privacy protocol that ensures safeguarding of data from any third party [41, 48]. OpenID, Microsoft Passport and FingerID do not provide sufficient privacy to the user’s data and thus cannot be trusted in these criteria [19, 20, 30]. Neutrality Microsoft Passport offers the same terms and services to all of its associated systems and organizations [40]. OAuth provides equally good service to 2-legged requests (directly from the user) as well as 3-legged requests (requests from the user via an intermediate site) [44]. Shibboleth offers equal administrative controls to all of its systems and organizations [45]. OpenID, FingerID and Liberty Alliance are also known to provide a neutral service to all of its associated systems and organizations [41, 42]. Identity OAuth provides great service at providing attributes to the user for his unique identification. The identification is based on two sets of credentials; consumer key and secret token that is granted to the service provider and the user is identified by the token and the token secret [44]. Shibboleth offers only basic access control decision making capability [47]; it is due to this reason that users cannot be differentiated with respect to role hierarchies. Liberty Alliance developed the Identity Assurance Framework that is based on four identity assurance levels therefore identifies users efficiently [49]. FingerID enables effective identification of the user with the incorporation of the fingerprint scan. The other systems do not assign secure attributes to the user that would ensure their privacy and effective identification [46, 47]. Personalization Disability Only Microsoft Passport offers personalization with respect to the disabilities of the users; they offer few features that can make the web experience better for people with disabilities [35]. The rest of the systems do not offer any such personalization. Languages OpenID supports different languages but it is still in the process of standardizing them to make it easier for the users to choose [50]. Although the support has been provided by Yahoo!; OpenID provides compatibility with the respective language specification. OAuth and Microsoft Passport also provide the feature of specifying different languages as per need of the user [51], [52]. The rest of the systems do not offer any support for different languages. Federated Access Management System General criteria for any federated access management system Accessibility and Usability Personalization Assistive Technology Usability Accessibility Trust Security Privacy Neutrality Identity Disability Languages Cultures OpenID [17, 18] [19, 20] [19, 20] [42] [47] [24] [50] [23] [24] Shibboleth [38] [21] [39] [45] [47] [22] [22] [22] OAuth [44] [43] [48] [44] [44] [26] [51] [25] [26] Liberty Alliance [37] [29] [41] [41] [49] [29] [27, 28] [29] Microsoft Passport [30] [30, 32] [30] [31. 40] [36] [35] [52] [35] [33, 34] [35] FingerID Table 1: Evaluation of Current systems Culture Extensive research has been carried out in this area but no evidence has been found regarding any personalization of these systems with respect to culture. Assistive Technology Only Microsoft Passport has been found to offer compatibility with assistive technology such as Microsoft Shared Computer Toolkit [35]. Usability OAuth, Liberty Alliance, Microsoft Passport and FingerID are known to comply with the usability standards whereas the other systems do not. Accessibility Microsoft Passport and FingerID comply with the accessibility standards whereas the other systems do not. 5. Ubiquitous Access Management Systems After the analysis of the existing access management systems, the need for an efficient federated access management system was felt that would do justice with its name. Therefore a new system has been proposed with the addition of a new term to the existing name- Ubiquitous Access Management System (UbAMS). The meaning of the term ‘Ubiquitous’ can be defined as ‘being or seem to be everywhere at the same time’ [53]. The concept that revolves around this term is that information is integrated and can be accessed by any means. Ubiquitous access management systems will enhance the performance of federated access management systems and really perform the effectiveness that is expected from federated access management systems. This system will enable the users to access their accounts from any system i.e. one login identity will be sufficient to provide access to all the federated access management systems. It will prove to be a revolutionary development since the existing systems do not offer this type of unified service. This system will not only offer single sign-in on all FAMS, it will also cater to all the different needs of the users for example needs to personalize the service with respect to language, culture or disabilities etc. The following figure explains how UbAMS will prove to be above both the types of systems; FAMS and AMS: Figure 1: Ubiquitous Access Management System (UbAMS) 5.1 Criteria of UbAMS It can be seen from the Figure 2 that UbAMS will cover all the aspects of FAMS and AMS as well as cater to different needs of the users. The features that will be offered by the respective system are: Culture Personalization Language Personalization Disabilities Personalization Support for assistive technologies Support for accessibility Support for usability 5.2 Advantages UbAMS will solve many prevailing issues that have been explained in this report, namely; security breaches in existing systems, privacy and trust issues, bias services or terms to different organizations etc. This system will make the web experience easy for users who have disabilities and it will also provide compatibility with assistive technology to better suit their needs. The compliance with usability and accessibility standards will help the users to utilize all features of the service in an effective manner. 5.3 Disadvantages It might prove to be a difficult task to implement the system on the basis of numerous standards, models and criteria. The system might get complicated for the users to perceive and use since it will be coupled with such a diverse range of functions. 6. Conclusion Ubiquitous access management systems will prove to do justice with the concept of federated access management and provide unified access to all FAMS. It will offer different features and personalization advantages that have not been addressed by any system before. Future work will focus on the development of such a revolutionary system and the development of the framework or model that will serve the purpose of the system. The following questions shall be used as guidance for the development of the framework: How can federated systems be improved with respect to their unified access, accessibility, usability, languages, disability and cultural adaptability? In what way can the user be facilitated to reduce the number of accounts of federated access management systems? This model will be improved by the recommendations of the people in terms of what they want from a system of its kind. The process of feedback from the users will be a continuous process to produce a user-centric system. UbAMS will aim to provide a comprehensive service to the users that will be an accumulation of a diverse range of features according to the discussed criteria. The innovative aspect about the UbAMS will be that numerous criterion features will be present in it along with a genuine concept of integrating cultural preference in AMS. References [1] H. C. Choi1, Y. H. Yi, J. H. Seo, B. N. Noh, H. H. Lee, “A Privacy Protection Model in ID Management Using Access Control”, Lecture Notes In Computer Science, vol. 3481, pp. 82 – 91, 2005. [2] L. F. Cranor, Web Privacy with P3P. AT&T, O’Reily and Associates, 2002 [3] A. Squicciarini, A. Bhargav, A. Czeskis, E. Bertino, “Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management”, 6th Workshop on Privacy Enhancing Technologies, 2006 [4] CafeSoft, Access Management, [Online], Available: http://www.cafesoft.com/products/cams/access-management-white-paper.html#Introduction, 2010, [October 28, 2010] [5] S. Bhatt, S. R. Rajagopalan, P. Rao, “Federated Security Management for Dynamic Coalitions”, IEEE, 2003 [6] A. J. Pope, "User Centric Identity Management”, AusCERT - Asia Pacific Information Technology Security Conference Refereed R&D Stream, Gold Coast, Australia, 2005. [7] CA, “The business value of Identity Federation”, [Online], Available: http://www.comnews.com/WhitePaper_Library/Security/pdfs/CAfedbi z_drivers.pdf, 2007, [October 28 2010] [8] CA. “Identity Federation: Concepts, Use Cases and Industry Standards” [Online], Available: http://images.vnunet.com/v7_static/itw/pdf/identity_federation_wp.pdf, 2007, [October 29 2010] [9] SpendOnLife.com. “2009 Identity Theft Statistics” [Online], Available: http://www.spendonlife.com/guide/2009-identity-theftstatistics, 2009, [October 29 2010] [10] Microsoft Corporation, “Online Identity Theft: Changing the Game Protecting Personal Information on the Internet”, [Online], Available: http://download.microsoft.com/download/0/d/3/0d34ccfa-5498-4fabbb32- 16c881bafba7/Online%20ID%20Theft- %20Changing%20the%20Game.pdf, 2008, [October 29 2010] [11] J. Noel Colin, T. D. Le, D. Massart, “A Federated Authorization Service for Bridging Learning Object Distribution Models”, Lecture Notes in Computer Science, vol. 5686, pp. 116–125, 2009 [12] T. Sans, F. Cuppens, N. C. Boulahia, “FORM: A Federated Rights Expression Model for Open DRM Frameworks”, Lecture Notes In Computer Science, vol. 4435, pp. 45–59, 2007. [13] M.J. Muller, J.S. Kaminski, G.J. Stuk, J.C. Zolnowski, A. ShHferstein, J.G. Smith, J.E. Daniel, D.T. Bartel, J.A. Wotus, G.J. Schwerdtman, “Issues in a User Access Management System”, IEEE, 1988 [14] R. Akbani, T. Korkmaz, and G.V.S. Raju, “A Hybrid Trust Management System for automated Fine-Grained Access Control”, IEEE, 2009 [15] S. Melissa, “Introduction to the Federated Access Management in the UK”, JISC, [Online], Available: http://www.jisc.ac.uk/whatwedo/themes/accessmanagement/federation/about.aspx 2009, [Nov. 11, 2010] [16] C. Lynch, “A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources”, Coalition for Networked Information, [Online], Available: http://www.cni.org/projects/authentication/authentication-wp.html#Evaluation_and_Analysis_Criteria, [Nov 11, 2010] [17] P. Ferguson, “OpenID: Saviour or Fraud?”, [Online], Available: http://fergdawg.blogspot.com/2008/02/openid-saviour-or-fraud.html, Feb. 08, 2008, [Nov 12, 2010] [18] Server Fault, “Is OpenID secure?”, [Online], Available: http://serverfault.com/questions/111164/is-open-id-secure, Feb 9, 2010, [Nov 12, 2010] [19] E. Prodromou, “OpenID Privacy Concerns”, [Online], Available: http://evan.prodromou.name/OpenID_Privacy_Concerns, 2007, [Nov 12, 2010] [20] P. Mortensen, “Are there any security risks associated with me using OpenID as the authentication method on my site?”, StackOverFlow, [Online], Available: http://stackoverflow.com/questions/182258/are-there-any-security-risks-associated-with-me-using-openid-as-the-authenticatio, 2008, [Nov 13, 2010] [21] R. L. Morgan, S. Cantor, S. Carmody, W. Hoehn, K. Klingenstein, “Federated Security: The Shibboleth Approach”, Educause Quarterly, Vol 27, No. 4, 2004. [22] C. Joie, “Understanding Shibboleth- SLO Issues”, Internet2, 2010, Available: https://spaces.internet2.edu/display/SHIB2/SLOIssues, [Nov 12, 2010] [23] J. A. Holsten, “Re: Issues”, Personal Email [Nov. 12, 2010] [24] FactoryJoe.com, “OpenID usability is not an oxymoron”, [Online], Available: http://factoryjoe.com/blog/2008/10/28/openid-usability-is-not-an-oxymoron/, 2008, [Nov 12, 2010] [25] M. Engel, “MySpaceID Usability Testing”, Slide Share.net, 2009 [26] W3C, “Accessibility issues of social Web”, W3C, [Online], Available: http://www.w3.org/WAI/PF/wiki/Social_Web#OAuth_Accessibility_Issues, 2010, [Nov 13, 2010] [27] T. Skytta, “Liberty Alliance Completes Two Projects Based on their ID-WSF”, Sun Systems,Top of Form Volume 73, Issue 5, 2004 [28] B. Canada, “BCE Becomes First Canadian Member of Liberty Alliance”, theWHIR.com, [Online], Available: http://www.thewhir.com/web-hosting-news/bce927, 2001, [Nov 13, 2010] [29] P. Judge, S. Shankland “Liberty - is usability compatible with security?”, ZDnet US, 2002 [30] M. Slemko, “Microsoft Passport to Trouble”, Znep.com, [Online], Available: http//www.znep.com/~marcs/passport/, 2005, [Nov 13, 2010] [31] A. Logan, “Real-time Shared Experiences with Messenger Connect”, Windows Stream Blog, 2010 [32] Federal Trade Commission, “Microsoft Settles FTC Charges Alleging False Security and Privacy Promises”, Federal Trade Commission, 2002 [33] S. Baklanov, “Security models in ASP.NET. Authentication”, XLineSoft, 2005 [34] D. Shinder, “How to Use Microsoft’s Shared Computer Toolkit”, Window Security.com, [Online], Available: www.windowsecurity.com/articles/Microsoft-Shared-Computer-Toolkit.html, 2005, [Nov 13, 2010]  [35] N. Shah, R. Ye, “Understanding Microsoft Passport”, MSc Thesis, North Eastern University [36] D. Berlind, “Microsofts Identity Chief: After Passport, Microsoft is rethinking identity”, [Online], Available: http://www.zdnet.com/blog/btl/microsofts-identity-chief-after-passport-microsoft-is-rethinking-identity/1188, March 21, 2005, [Nov 13, 2010] [37] The Free Library, “Liberty Alliance Builds Global Trust Framework for Identity Federations Spanning Industries and Regions”, [Online], Available: http://www.thefreelibrary.com/Liberty+Alliance+Builds+Global+Trust+Framework+for+Identity...-a0168502734, 2007, [Nov 14, 2010] [38] Oxford Computer Group , “Achieving Interoperability between Active Directory Federation Services and Shibboleth”, [Online], Available: http://www.oxfordcomputergroup.com/ocg_/images/resources/ADFS%20White%20Paper%2002-07.pdf, 2007, [Nov 14, 2010] [39] News and Communication, “Shibboleth Relieves Password Overload, Enhances Computer Privacy”, [Online], Available: http://www.dukenews.duke.edu/2004/09/shibboleth_0904.html, 2004, [Nov 14, 2010] [40] Computer Weekly.com, “Microsoft to open Passport for rivals”, [Online], Available: http://www.computerweekly.com/Articles/2001/09/20/182640/Microsoft-to-open-Passport-for-rivals.htm, Sept 20, 2001, [Nov 15, 2010] [41] A. Gonsalves, , “General Services Administration, Defense Department Join Liberty Alliance”, Techweb News, [Online], Available: http://www.informationweek.com/news/global-cio/showArticle.jhtml?articleID=8700333, March 5, 2003, [Nov 15, 2010] [42] R. Nairn, “OpenID”, [Online], Available: http://www.tbray.org/ongoing/When/200x/2007/02/24/OpenID, 2007, [Nov 16, 2010] [43] M. Simhachalam, “Securing REST Web Services With OAuth”, Oracle Corporation, 2009 [44] E. H. Lahav, “Beginner’s Guide to OAuth – Part III : Security Architecture”, Hueinverse, [Online], Available: http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iii-security-architecture/, Oct 3, 2008, [Nov 16, 2010] [45] L. Ngo, A. Apon, “Using Shibboleth for Authorization and Authentication to the Subversion Version Control Repository System”, [Online], Available: http://research.acxiom.com/downloads/ALAR2007_Proceedings/3-4-1--Ngo-Apon--Shibboleth-versioning--presentation.pdf, 2007, [Nov. 16, 2010] [46] Shibboleth, 2010, Internet 2, http://www.internet2.edu/pubs/shibboleth-infosheet.pdf [47] D. Chadwick, S. Otenko, W. Xu, “Adding Distributed Trust Management to Shibboleth”, University of Kent, [Online], Available:, http://middleware.internet2.edu/pki05/proceedings/chadwick-distributed-shibboleth.pdf, [Nov 17, 2010] [48] M. Kirkpatrick, “Its Official: Mashup Privacy Protocol OAuth Is Fair Game”, Read Write Web, [Online], Available: http://www.readwriteweb.com/archives/oauth_nonassert.php, Aug 26, 2008, [Nov 18, 2010] [49] The Free Library, “Liberty Alliance releases Assurance Framework”, The Free Library, [Online], Available: http://www.thefreelibrary.com/LIBERTY+ALLIANCE+RELEASES+INDENTITY+ASSURANCE+FRAMEWORK-a0180669486, [Nov. 18, 2010] [50] Yahoo!, “OpenID FAQ”, [Online], Available: http://developer.yahoo.com/openid/faq.html, [Nov 18, 2010] [51] G. F. Fletcher, “OAuth Extension for Specifying User Language Preference - Draft 2”, [Online], Available: http://oauth.googlecode.com/svn/spec/ext/language_preference/1.0/drafts/2/spec.html, 2007, [Nov 18, 2010] [52] Microsoft Corporation, “Passport Login Page Appears in the Wrong Language”, [Online], Available: http://support.microsoft.com/kb/299513, Sep. 30, 2003, [Nov 18 2010] [53] Yahoo Education, “Ubiquitous”, [Online], Available: http://education.yahoo.com/reference/dictionary/entry/ubiquitous, [Nov 18, 2010] [54] Houghton Mifflin Harcourt, American Heritage Dictionary, [Online], Available: http://www.houghtonmifflinbooks.com/ahd/, 2010, [Nov 24, 2010] [55] A. Westin, Privacy and Freedom. Atheneum, New York, 1967. [56] SteppingStones.org, “Defining Culture”, [Online], Available: http://www.steppingstonesforvets.org/Community%20Issues-Culture/Defining_Culture.pdf, 2010, [Nov 24, 2010] [57] P. B. Lowry, D. Zhang, L. Zhou, X. Fu, “The Impact of National Culture and Social Presence on Trust and Communication Quality within Collaborative Groups”, Proceedings of the 40th Hawaii International Conference on System Sciences, 2007 [58] M. A. Hamar, R. Dawson, L. Guan, “A Culture of Trust Threatens Security and Privacy in Qatar”, 10th IEEE International Conference on Computer and Information Technology, 2010 [59] S. Omosule, C. Shoniregun, D. Preston, “A Framework for Culture Influence Virtual Learning Environments Trust”, IEEE, 2008 Read More