XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
PRUNES: an efficient and complete strategy for automated trust negotiation over the Internet
Proceedings of the 7th ACM conference on Computer and communications security
Securing context-aware applications using environment roles
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
On specifying security policies for web documents with an XML-based language
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Some thoughts on agent trust and delegation
Proceedings of the fifth international conference on Autonomous agents
Interoperable strategies in automated trust negotiation
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Secure and selective dissemination of XML documents
ACM Transactions on Information and System Security (TISSEC)
Multi-agent infrastructure, agent discovery , middle agents for Web services and interoperation
Mutli-agents systems and applications
Towards flexible credential verification in mobile ad-hoc networks
Proceedings of the second ACM international workshop on Principles of mobile computing
Design and implementation of the idemix anonymous credential system
Proceedings of the 9th ACM conference on Computer and communications security
ACM Transactions on Information and System Security (TISSEC)
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
IEEE Internet Computing
An Axiomatic Basis for Reasoning about Trust in PKIs
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Authorization Based on Evidence and Trust
DaWaK 2000 Proceedings of the 4th International Conference on Data Warehousing and Knowledge Discovery
Relying Party Credentials Framework
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Multi-agent Infrastructure, Agent Discovery, Middle Agents for Web Services and Interoperation
EASSS '01 Selected Tutorial Papers from the 9th ECCAI Advanced Course ACAI 2001 and Agent Link's 3rd European Agent Systems Summer School on Multi-Agent Systems and Applications
Distributed Trust in Open Multi-agent Systems
Proceedings of the workshop on Deception, Fraud, and Trust in Agent Societies held during the Autonomous Agents Conference: Trust in Cyber-societies, Integrating the Human and Artificial Perspectives
Future Directions in Role-Based Access Control Models
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Law-Governed Internet Communities
COORDINATION '00 Proceedings of the 4th International Conference on Coordination Languages and Models
On the Negotiation of Access Control Policies
Revised Papers from the 9th International Workshop on Security Protocols
Trust-Based Security Model and Enforcement Mechanism for Web Service Technology
TES '02 Proceedings of the Third International Workshop on Technologies for E-Services
A Policy Language for the Management of Distributed Agents
AOSE '01 Revised Papers and Invited Contributions from the Second International Workshop on Agent-Oriented Software Engineering II
Induced role hierarchies with attribute-based RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
An access control model for dynamic client-side content
Proceedings of the eighth ACM symposium on Access control models and technologies
A Unified Scheme for Resource Protection in Automated Trust Negotiation
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Generalized Role-Based Access Control
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Requirements for Policy Languages for Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Relying Party Credentials Framework
Electronic Commerce Research
Role-Based Access Controls: Status, Dissemination, and Prospects for Generic Security Mechanisms
Electronic Commerce Research
A propositional logic for access control policy in distributed systems
Artificial intelligence and security in computing systems
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
Trust-serv: model-driven lifecycle management of trust negotiation policies for web services
Proceedings of the 13th international conference on World Wide Web
Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
Policy migration for sensitive credentials in trust negotiation
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Trust Negotiations: Concepts, Systems, and Languages
Computing in Science and Engineering
Content-triggered trust negotiation
ACM Transactions on Information and System Security (TISSEC)
Trust evaluation in ad-hoc networks
Proceedings of the 3rd ACM workshop on Wireless security
The Knowledge Engineering Review
Adaptive trust negotiation and access control
Proceedings of the tenth ACM symposium on Access control models and technologies
A Trust-Based Context-Aware Access Control Model for Web-Services
Distributed and Parallel Databases
Preventing attribute information leakage in automated trust negotiation
Proceedings of the 12th ACM conference on Computer and communications security
PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
Achieving Privacy in Trust Negotiations with an Ontology-Based Approach
IEEE Transactions on Dependable and Secure Computing
Traust: a trust negotiation-based authorization service for open systems
Proceedings of the eleventh ACM symposium on Access control models and technologies
Integrating presence inference into trust management for ubiquitous systems
Proceedings of the eleventh ACM symposium on Access control models and technologies
Safety in automated trust negotiation
ACM Transactions on Information and System Security (TISSEC)
An integrated approach to federated identity and privilege management in open systems
Communications of the ACM - Spam and the ongoing battle for the inbox
X-FEDERATE: A Policy Engineering Framework for Federated Access Management
IEEE Transactions on Software Engineering
Managing Impacts of Security Protocol Changes in Service-Oriented Applications
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Administering access control in dynamic coalitions
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Adaptive Trust Negotiation and Access Control for Grids
GRID '05 Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing
Proceedings of the 12th ACM symposium on Access control models and technologies
PP-trust-X: A system for privacy preserving trust negotiations
ACM Transactions on Information and System Security (TISSEC)
Trust-based security for wireless ad hoc and sensor networks
Computer Communications
Trust management for trusted computing platforms in web services
Proceedings of the 2007 ACM workshop on Scalable trusted computing
A scalable and flexible web services authentication model
Proceedings of the 2007 ACM workshop on Secure web services
The Traust Authorization Service
ACM Transactions on Information and System Security (TISSEC)
Middleware for semantic-based security and safety management of open services
International Journal of Web and Grid Services
UMLtrust: towards developing trust-aware software
Proceedings of the 2008 ACM symposium on Applied computing
Towards an efficient and language-agnostic compliance checker for trust negotiation systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Usage control platformization via trustworthy SELinux
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Authorization in trust management: Features and foundations
ACM Computing Surveys (CSUR)
ACM Transactions on Information and System Security (TISSEC)
On the Applicability of Trusted Computing in Distributed Authorization Using Web Services
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Secure mobile agent environments: modelling role assignments
International Journal of Electronic Security and Digital Forensics
Minimal credential disclosure in trust negotiations
Proceedings of the 4th ACM workshop on Digital identity management
Preventing conflict situations during authorization
WSEAS Transactions on Computers
Requirements of federated trust management for service-oriented architectures
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Managing trust in services oriented architectures
AIC'08 Proceedings of the 8th conference on Applied informatics and communications
Specification and enforcement of flexible security policy for active cooperation
Information Sciences: an International Journal
Trust negotiation: authorization for virtual organizations
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
ALOPA: Authorization Logic for Property Attestation in Trusted Platforms
ATC '09 Proceedings of the 6th International Conference on Autonomic and Trusted Computing
Qualitative trust dynamics algebra for trust management in pervasive computing environments
AIC'09 Proceedings of the 9th WSEAS international conference on Applied informatics and communications
A negotiation-based trust establishment service for CROWN grid
International Journal of Autonomous and Adaptive Communications Systems
Nonmonotonic Trust Management for P2P Applications
Electronic Notes in Theoretical Computer Science (ENTCS)
Dynamic security reconfiguration for the semantic web
Engineering Applications of Artificial Intelligence
An architectural description language for secure Multi-Agent Systems
Web Intelligence and Agent Systems
Regularity-based trust in cyberspace
iTrust'03 Proceedings of the 1st international conference on Trust management
An introduction to trust negotiation
iTrust'03 Proceedings of the 1st international conference on Trust management
Fidelis: a policy-driven trust management framework
iTrust'03 Proceedings of the 1st international conference on Trust management
Prototyping an armored data vault rights management on Big Brother's computer
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
An introduction to the role based trust management framework RT
Foundations of security analysis and design IV
A trust management model for PACS-grid
ICCSA'07 Proceedings of the 2007 international conference on Computational science and Its applications - Volume Part II
Rule-based policy representations and reasoning
Semantic techniques for the web
Privacy-preserving trust verification
Proceedings of the 15th ACM symposium on Access control models and technologies
Dynamic policy based model for trust based access control in P2P applications
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Resource management with X.509 inter-domain authorization certificates (InterAC)
EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
ABUSE: PKI for real-world email trust
EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Expert Systems with Applications: An International Journal
Trust management methodologies for the web
RW'11 Proceedings of the 7th international conference on Reasoning web: semantic technologies for the web of data
Social-Compliance in Trust Management within Virtual Communities
WI-IAT '11 Proceedings of the 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Volume 03
Towards automated evaluation of trust constraints
iTrust'06 Proceedings of the 4th international conference on Trust Management
Traust: a trust negotiation based authorization service
iTrust'06 Proceedings of the 4th international conference on Trust Management
On secure framework for web services in untrusted environment
OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems
Synergy: a policy-driven, trust-aware information dissemination framework
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Managing trust in distributed agent systems
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Distributed credential chain discovery in trust-management with parameterized roles
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Privacy-Preserving trust negotiations
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
EDBT'04 Proceedings of the 2004 international conference on Current Trends in Database Technology
XML-Based revocation and delegation in a distributed environment
EDBT'04 Proceedings of the 2004 international conference on Current Trends in Database Technology
O2O: virtual private organizations to manage security policy interoperability
ICISS'06 Proceedings of the Second international conference on Information Systems Security
An approach to trust management challenges for critical infrastructures
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
VTrust: a trust management system based on a vector model of trust
ICISS'05 Proceedings of the First international conference on Information Systems Security
An adaptive and Socially-Compliant Trust Management System for virtual communities
Proceedings of the 27th Annual ACM Symposium on Applied Computing
A formal apparatus for modeling trust in computing environments
Mathematical and Computer Modelling: An International Journal
Enhancing directory virtualization to detect insider activity
Security and Communication Networks
Attacks on Confidentiality of Communications Between Stranger Organizations
International Journal of Knowledge-Based Organizations
| Hi-index | 0.00 |
The Internet enables connectivity between many strangers - entities that do not know each other. We present the Trust Policy Language (TPL), used to define the mapping of strangers to predefined business roles, based on certificates issued by third parties. TPL is expressive enough to allow complex policies, e.g. non-monotone (negative) certificates, while being simple enough to allow automated policy checking and processing. Issuers of certificates either are known in advance, or provide sufficient certificates to be considered a trusted authority according to the policy. This allows bottom-up, 驴grass roots驴 buildup of trust, as in the real world.We extend, rather than replace, existing role-based access control mechanisms. This provides a simple, modular architecture and easy migration from existing systems.Our system automatically collects missing certificates from peer servers. In particular, this allows use of standard browsers, which pass only one certificate to the server. We describe our implementation, which can be used as an extension of a web server or as a separate server with interface to applications.