ACM Transactions on Information and System Security (TISSEC)
X -TNL: An XML-based Language for Trust Negotiations
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
Cassandra: Distributed Access Control Policies with Tunable Expressiveness
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Driving and Monitoring Provisional Trust Negotiation with Metapolicies
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
The Traust Authorization Service
ACM Transactions on Information and System Security (TISSEC)
A Flexible Policy-Driven Trust Negotiation Model
IAT '07 Proceedings of the 2007 IEEE/WIC/ACM International Conference on Intelligent Agent Technology
Towards an efficient and language-agnostic compliance checker for trust negotiation systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Towards practical and secure decentralized attribute-based authorization systems
Towards practical and secure decentralized attribute-based authorization systems
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
| Hi-index | 0.00 |
Trust negotiation is an authorization approach for open distributed systems, such as dynamic coalitions and other types of virtual organizations. Under the trust negotiation approach to authorization, every resource that might be shared within the coalition is protected by an access policy that describes the attributes of those qualified to access it (e.g., employer, job title, role, age). Each party collects digital credentials, such as X.509 attribute certificates or SAML assertions, from credential issuers who can attest to that party's attributes. At run time, a resource owner and potential client exchange information on their access policies and attributes, to determine whether the client possesses the attributes necessary to gain access, and vice versa. Trust negotiation has a firm theoretical foundation and a number of freely available implementations. In this paper, we argue that trust negotiation is ready for a trial deployment in a real-world application. We describe the software available for a deployment, including the flexible TrustBuilder2 framework for experimenting with trust negotiation runtime systems, and the CLOUSEAU compliance checker, which can quickly determine whether a set of credentials complies with a particular policy. We also describe the Traust approach for letting legacy applications take advantage of trust negotiation.