Regulating service access and information release on the Web
Proceedings of the 7th ACM conference on Computer and communications security
Communications of the ACM
Heterogeneous networking: a new survivability paradigm
Proceedings of the 2001 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
IEEE Internet Computing
HPDC '03 Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing
X -TNL: An XML-based Language for Trust Negotiations
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
An Online Credential Repository for the Grid: MyProxy
HPDC '01 Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing
Towards Practical Automated Trust Negotiation
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A Community Authorization Service for Group Collaboration
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Automated Trust Negotiation
Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
Cassandra: Distributed Access Control Policies with Tunable Expressiveness
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Content-triggered trust negotiation
ACM Transactions on Information and System Security (TISSEC)
A logic-based framework for attribute based access control
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
On achieving software diversity for improved network security using distributed coloring algorithms
Proceedings of the 11th ACM conference on Computer and communications security
Adaptive trust negotiation and access control
Proceedings of the tenth ACM symposium on Access control models and technologies
CPOL: high-performance policy evaluation
Proceedings of the 12th ACM conference on Computer and communications security
PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
Interactive credential negotiation for stateful business processes
iTrust'05 Proceedings of the Third international conference on Trust Management
PP-trust-X: A system for privacy preserving trust negotiations
ACM Transactions on Information and System Security (TISSEC)
Dynamic trust negotiation for flexible e-health collaborations
Proceedings of the 15th ACM Mardi Gras conference: From lightweight mash-ups to lambda grids: Understanding the spectrum of distributed computing requirements, applications, tools, infrastructures, interoperability, and the incremental adoption of key capabilities
A Trust- and Property-based Access Control Model
Electronic Notes in Theoretical Computer Science (ENTCS)
Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Minimal credential disclosure in trust negotiations
Proceedings of the 4th ACM workshop on Digital identity management
Toward an On-Demand Restricted Delegation Mechanism for Grids
GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Modeling and negotiating service quality
Service research challenges and solutions for the future internet
| Hi-index | 0.00 |
In recent years, trust negotiation (TN) has been proposed as a novel access control solution for use in open system environments in which resources are shared across organizational boundaries. Researchers have shown that TN is indeed a viable solution for these environments by developing a number of policy languages and strategies for TN which have desirable theoretical properties. Further, existing protocols, such as TLS, have been altered to interact with prototype TN systems, thereby illustrating the utility of TN. Unfortunately, modifying existing protocols is often a time-consuming and bureaucratic process which can hinder the adoption of this promising technology.In this paper, we present Traust, a third-party authorization service that leverages the strengths of existing proto-type TN systems. Traust acts as an authorization broker that issues access tokens for resources in an open system after entities use TN to satisfy the appropriate resource access policies. The Traust architecture was designed to allow Traust to be integrated either directly with newer trust-aware applications or indirectly with existing legacy applications; this exibility paves the way for the incremental adoption of TN technologies without requiring widespread software or protocol upgrades. We discuss the design and implementation of Traust, the communication protocol used by the Traust system, and its performance. We also discuss our experiences using Traust to broker access to legacy resources, our proposal for a Traust-aware version of the GridFTP protocol, and Traust's resilience to attack.