In recent years, trust negotiation has been proposed as a novel authorization solution for use in open-system environments, in which resources are shared across organizational boundaries. Researchers have shown that trust negotiation is indeed a viable solution for these environments by developing a number of policy languages and strategies for trust negotiation that have desirable theoretical properties. Further, existing protocols, such as TLS, have been altered to interact with prototype trust negotiation systems, thereby illustrating the utility of trust negotiation. Unfortunately, modifying existing protocols is often a time-consuming and bureaucratic process that can hinder the adoption of this promising technology. In this paper, we present Traust, a third-party authorization service that leverages the strengths of existing prototype trust negotiation systems. Traust acts as an authorization broker that issues access tokens for resources in an open system after entities use trust negotiation to satisfy the appropriate resource access policies. The Traust architecture was designed to allow Traust to be integrated either directly with newer trust-aware applications or indirectly with existing legacy applications; this flexibility paves the way for the incremental adoption of trust negotiation technologies without requiring widespread software or protocol upgrades. We discuss the design and implementation of Traust, the communication protocol used by the Traust system, and its performance. We also discuss our experiences using Traust to broker access to legacy resources, our proposal for a Traust-aware version of the GridFTP protocol, and Traust's resilience to attack.