For unknown secrecies refusal is better than lying
Data & Knowledge Engineering
Proceedings of the 7th ACM conference on Computer and communications security
Regulating service access and information release on the Web
Proceedings of the 7th ACM conference on Computer and communications security
On specifying security policies for web documents with an XML-based language
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Interoperable strategies in automated trust negotiation
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Atomicity versus Anonymity: Distributed Transactions for Electronic Commerce
VLDB '98 Proceedings of the 24rd International Conference on Very Large Data Bases
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Protecting sensitive attributes in automated trust negotiation
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
First experiences using XACML for access control in distributed systems
Proceedings of the 2003 ACM workshop on XML security
Policy migration for sensitive credentials in trust negotiation
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Trust Negotiations: Concepts, Systems, and Languages
Computing in Science and Engineering
Content-triggered trust negotiation
ACM Transactions on Information and System Security (TISSEC)
Collaborative Automated Trust Negotiation in Peer-to-Peer Systems
P2P '04 Proceedings of the Fourth International Conference on Peer-to-Peer Computing
Preventing attribute information leakage in automated trust negotiation
Proceedings of the 12th ACM conference on Computer and communications security
Automated trust negotiation using cryptographic credentials
Proceedings of the 12th ACM conference on Computer and communications security
Maintaining privacy on derived objects
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Hierarchical hippocratic databases with minimal disclosure for virtual organizations
The VLDB Journal — The International Journal on Very Large Data Bases
Protecting the privacy of user's QoS preferences for multimedia applications
Proceedings of the 2nd ACM international workshop on Wireless multimedia networking and performance modeling
Managing Impacts of Security Protocol Changes in Service-Oriented Applications
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Trust Negotiation in Identity Management
IEEE Security and Privacy
Privilege federation between different user profiles for service federation
Proceedings of the 4th ACM workshop on Digital identity management
Distributed Authorization by Multiparty Trust Negotiation
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Optimal Privacy-Aware Path in Hippocratic Databases
DASFAA '09 Proceedings of the 14th International Conference on Database Systems for Advanced Applications
Security and trust in virtual healthcare communities
Proceedings of the 2nd International Conference on PErvasive Technologies Related to Assistive Environments
On the tradeoff between trust and privacy in wireless ad hoc networks
Proceedings of the third ACM conference on Wireless network security
Implementation of an agent-oriented trust management infrastructure based on a hybrid PKI model
iTrust'03 Proceedings of the 1st international conference on Trust management
Obligations for privacy and confidentiality in distributed transactions
EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
Preventing unofficial information propagation
ICICS'07 Proceedings of the 9th international conference on Information and communications security
A secure collaboration service for dynamic virtual organizations
Information Sciences: an International Journal
Trust establishment in the formation of Virtual Organizations
Computer Standards & Interfaces
Modeling and negotiating service quality
Service research challenges and solutions for the future internet
Privacy is linking permission to purpose
SP'04 Proceedings of the 12th international conference on Security Protocols
Privacy-Preserving trust negotiations
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Privacy preserving of trust management credentials based on trusted computing
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
An XML-based protocol for improving trust negotiation between Web Services
Proceedings of the 27th Annual ACM Symposium on Applied Computing
| Hi-index | 0.00 |
The dramatic growth of services and information on the Internet is accompanied by growing concerns over privacy. Trust negotiation is a new approach to establishing trust between strangers on the Internet through the bilateral exchange of digital credentials, the on-line analogue to the paper credentials people carry in their wallets today. When a credential contains sensitive information, its disclosure is governed by an access control policy that specifies credentials that must be received before the sensitive credential is disclosed. This paper identifies the privacy vulnerabilities present in on-line trust negotiation and the approaches that can be taken to eliminate or minimize those vulnerabilities. The paper proposes modifications to negotiation strategies to help prevent the inadvertent disclosure of credential information during online trust negotiation for those credentials or credential attributes that have been designated as sensitive, private information.