Document Type



RFID adoption in supply chains is both viable in gaining on-target end-to-end visibility and crucial to sustain competitiveness. RFID-based information flow will cut across partners in business chains that extended beyond borders. Privacy and security preferences (PSP) are manifested when supply chain parties are sharing (EPC-RFID-based) data to gain visibility. The role of each party cannot be singly used to determine the preference of either party to derive the necessary entitlement for the requesting party. The preference-based entitlement must ensure data sharing is privacy-protected and security-enforced.

In this research, a Relationship-Based Access Control (ReBAC) model is proposed for on-demand privacy and security entitlement in RFID-enabled supply chains. The model includes two key concepts: on-demand preference and privacy and security scheme. Preference is governed by the two parties’ relationship, and the scheme is driven by the data dimensions (i.e., data sensitivity, data location and data ownership). RBAC is capable of addressing one party’s need to gain pre-determined permissions according to role assignment or activation. The relationship-based approach is on-demand, two-party, relationship-based preference to gain entitlement (for visibility services) with scheme-enabled privacy and security activation.