X -TNL: An XML-based Language for Trust Negotiations
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Trust Negotiations: Concepts, Systems, and Languages
Computing in Science and Engineering
Adaptive trust negotiation and access control
Proceedings of the tenth ACM symposium on Access control models and technologies
Trust Negotiation in Identity Management
IEEE Security and Privacy
Protecting privacy during on-line trust negotiation
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Obligations: Building a Bridge between Personal and Enterprise Privacy in Pervasive Computing
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Hi-index | 0.00 |
Existing access control systems are typically unilateral in that the enterprise service provider assigns the access rights and makes the access control decisions, and there is no negotiation between the client and the service provider. As access management systems lean towards being user-centric, unilateral approaches can no longer adequately preserve the user's privacy, particularly where the communicating parties have no pre-existing trust relationships. Establishing sufficient trust is therefore essential before parties can exchange sensitive information. This paper describes a bilateral symmetric approach to access control which deals with privacy and confidentiality simultaneously in distributed transactions. We introduce the concept of Obligation of Trust (OoT) as a privacy assurance mechanism that is built upon the XACML standard. The OoT allows communicating parties to dynamically exchange their privacy requirements, which we term Notification of Obligations (NOB) as well as their committed obligations, which we term Signed Acceptance of Obligations (SAO). We describe some applicability of these concepts and show how they can be integrated into distributed access control systems for stricter privacy and confidentiality control.