The Traust Authorization Service

Authors:
Adam J. Lee;Marianne Winslett;Jim Basney;Von Welch
Affiliations:
University of Illinois at Urbana-Champaign;University of Illinois at Urbana-Champaign;National Center for Supercomputing Applications;National Center for Supercomputing Applications
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2008

Citing 32
Cited 11

Andrew: a distributed personal computing environment

Communications of the ACM - The MIT Press scientific computation series
Regulating service access and information release on the Web

Proceedings of the 7th ACM conference on Computer and communications security
How to share a secret

Communications of the ACM
Heterogeneous networking: a new survivability paradigm

Proceedings of the 2001 workshop on New security paradigms
Design and implementation of the idemix anonymous credential system

Proceedings of the 9th ACM conference on Computer and communications security
Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

ACM Transactions on Information and System Security (TISSEC)
Negotiating Trust on the Web

IEEE Internet Computing
Distributed credential chain discovery in trust management

Journal of Computer Security
Security for Grid Services

HPDC '03 Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing
X -TNL: An XML-based Language for Trust Negotiations

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Oblivious signature-based envelope

Proceedings of the twenty-second annual symposium on Principles of distributed computing
An Online Credential Repository for the Grid: MyProxy

HPDC '01 Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing
Towards Practical Automated Trust Negotiation

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A Community Authorization Service for Group Collaboration

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Trust-X: A Peer-to-Peer Framework for Trust Establishment

IEEE Transactions on Knowledge and Data Engineering
Hidden Credentials

Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Cassandra: Distributed Access Control Policies with Tunable Expressiveness

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Content-triggered trust negotiation

ACM Transactions on Information and System Security (TISSEC)
A logic-based framework for attribute based access control

Proceedings of the 2004 ACM workshop on Formal methods in security engineering
On achieving software diversity for improved network security using distributed coloring algorithms

Proceedings of the 11th ACM conference on Computer and communications security
Distributed Proving in Access-Control Systems

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Adaptive trust negotiation and access control

Proceedings of the tenth ACM symposium on Access control models and technologies
The MyProxy online credential repository: Research Articles

Software—Practice & Experience - Grid Security
Automated trust negotiation using cryptographic credentials

Proceedings of the 12th ACM conference on Computer and communications security
CPOL: high-performance policy evaluation

Proceedings of the 12th ACM conference on Computer and communications security
PeerAccess: a logic for distributed authorization

Proceedings of the 12th ACM conference on Computer and communications security
Secure context-sensitive authorization

Pervasive and Mobile Computing
Scalability in a secure distributed proof system

PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Virtual fingerprinting as a foundation for reputation in open systems

iTrust'06 Proceedings of the 4th international conference on Trust Management
Interactive credential negotiation for stateful business processes

iTrust'05 Proceedings of the Third international conference on Trust Management
Fuzzy identity-based encryption

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Preserving confidentiality of security policies in data outsourcing

Proceedings of the 7th ACM workshop on Privacy in the electronic society
Identity-based long running negotiations

Proceedings of the 4th ACM workshop on Digital identity management
Co-opetition Enabling Security for Cooperative Networks: Authorizing Composition Agreement Negotiations between Ambient Networks

Wireless Personal Communications: An International Journal
Trust negotiation: authorization for virtual organizations

Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
An XACML-based privacy-centered access control system

Proceedings of the first ACM workshop on Information security governance
A dynamic privacy model for web services

Computer Standards & Interfaces
Supporting privacy preferences in credential-based interactions

Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Trust establishment in the formation of Virtual Organizations

Computer Standards & Interfaces
Fine-grained disclosure of access policies

ICICS'10 Proceedings of the 12th international conference on Information and communications security
Modeling and negotiating service quality

Service research challenges and solutions for the future internet
Integrating trust management and access control in data-intensive Web applications

ACM Transactions on the Web (TWEB)

Quantified Score

Hi-index	0.00

Visualization

Abstract

In recent years, trust negotiation has been proposed as a novel authorization solution for use in open-system environments, in which resources are shared across organizational boundaries. Researchers have shown that trust negotiation is indeed a viable solution for these environments by developing a number of policy languages and strategies for trust negotiation that have desirable theoretical properties. Further, existing protocols, such as TLS, have been altered to interact with prototype trust negotiation systems, thereby illustrating the utility of trust negotiation. Unfortunately, modifying existing protocols is often a time-consuming and bureaucratic process that can hinder the adoption of this promising technology. In this paper, we present Traust, a third-party authorization service that leverages the strengths of existing prototype trust negotiation systems. Traust acts as an authorization broker that issues access tokens for resources in an open system after entities use trust negotiation to satisfy the appropriate resource access policies. The Traust architecture was designed to allow Traust to be integrated either directly with newer trust-aware applications or indirectly with existing legacy applications; this flexibility paves the way for the incremental adoption of trust negotiation technologies without requiring widespread software or protocol upgrades. We discuss the design and implementation of Traust, the communication protocol used by the Traust system, and its performance. We also discuss our experiences using Traust to broker access to legacy resources, our proposal for a Traust-aware version of the GridFTP protocol, and Traust's resilience to attack.