The classical approach to access control of Web Services is to present a number of credentials for access to a service and possibly negotiate their disclosure using a suitable negotiation protocol and a policy to protect them. In practice, the "Web Service" is not really a single service but rather a set of services that can be accessed only through a suitable conversation. Further, in real life we are often willing to trade the disclosure of personal attributes (frequent flyer number, car plate, AAA membership, etc.) in exchange for additional services, and only in a particular order. In this paper we propose a novel negotiation framework in which services, needed credentials, and behavioral constraints on the disclosure of privileges are bundled together, and in which clients and servers have a hierarchy of preferences among the different bundles. While the protocol supports arbitrary negotiation strategies, we sketch two concrete strategies (one for the client and one for the service provider) that make it possible to successfully complete a negotiation when dealing with a co-operative partner and to resist attacks by malicious agents seeking to "vacuum-clean" the preference policy of the honest participant.