Authors : Ting Yu , Marianne Winslett , Kent E. Seamons Authors Info & Claims
Pages 146 - 155 Published : 05 November 2001 Publication History 66 citation 971 Downloads Total Citations 66 Total Downloads 971 Last 12 Months 10 Last 6 weeks 1 Get Citation AlertsThis alert has been successfully added and will be sent to: You will be notified whenever a record that you have chosen has been cited.
To manage your alert preferences, click on the button below. Manage my AlertsAutomated trust negotiation is an approach to establishing trust between strangers through the exchange of digital credentials and the use of access control policies that specify what combinations of credentials a stranger must disclose in order to gain access to each local service or credential. We introduce the concept of a trust negotiation protocol, which defines the ordering of messages and the type of information messages will contain. To carry out trust negotiation, a party pairs its negotiation protocol with a trust negotiation strategy that controls the exact content of the messages, i.e., which credentials to disclose, when to disclose them, and when to terminate a negotiation. There are a huge number of possible strategies for negotiating trust, each with different properties with respect to speed of negotiations and caution in giving out credentials and policies. In the autonomous world of the Internet, entities will want the freedom to choose negotiation strategies that meet their own goals, which means that two strangers who negotiate trust will often not use the same strategy. To date, only a tiny fraction of the space of possible negotiation strategies has been explored, and no two of the strategies proposed so far will interoperate. In this paper, we define a large set of strategies called the disclosure tree strategy (DTS) family. Then we prove that if two parties each choose strategies from the DTS family, then they will be able to negotiate trust as well as if they were both using the same strategy. Further, they can change strategies at any point during negotiation. We also show that the DTS family is closed, i.e., any strategy that can interoperate with every strategy in the DTS family must also be a member of the DTS family. We also give examples of practical strategies that belong to the DTS family and fit within the TrustBuilder architecture and protocol for trust negotiation.
K.R.Apt,D.S.Warren,and M.Truszczynski (editor).The Logic Programming Paradigm:A 25-Year Perspective .Springer-Verlag,1999.]]
M.Blaze,J.Feigenbaum,J.Ioannidis,and A.Keromytis.The KeyNote Trust Management System Version 2.In Internet Draft RFC 2704, September 1999.]]
M.Blaze,J.Feigenbaum,and A.D.Keromytis. KeyNote:Trust Management for Public-Key Infrastructures.In Security Protocols Workshop, Cambridge,UK,1998.]]
P.Bonatti and P.Samarati.Regulating Service Access and Information Release on the Web.In Conference on Computer and Communications Security,Athens, November 2000.]]
T.Dierks and C.Allen.The TLS Protocol Version 1.0. In http://www.ietf.org/rfc/rfc2246.txt,January 1999.]]
S.Farrell.TLS Extension for Attribute Certi .cate Based Authorization.In http://www.ietf.org/internetdrafts/draft-ietf-tls-attr-cert-01.txt,August 1998.]]
A.Frier,P.Karlton,and P.Kocher.The SSL 3.0 Protocol .Netscape Communications Corp.,November 1996.]]A.Herzberg,J.Mihaeli,Y.Mass,D.Naor,and Y.Ravid.Access Control Meets Public Key Infrastructure,Or:Assigning Roles to Strangers.In IEEE Symposium on Security and Privacy,Oakland, CA,May 2000.]]
http://www.ietf.org/html.charters/spki-charter.html. Simple Public Key Infrastructure (SPKI).]]International Telecommunication Union.Rec.X.509 - Information Technology -Open Systems Interconnection -The Directory:Authentication Framework,August 1997.]]
W.Johnson,S.Mudumbai,and M.Thompson. Authorization and Attribute Certi .cates for Widely Distributed Access Control.In IEEE International Workshop on Enabling Technologies:Infrastructure for Collaborative Enterprises,1998.]]
K.Seamons,M.Winslett,and T.Yu.Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation.In Network and Distributed System Security Symposium,San Diego, CA,April 2001.]]
W3C, http://www.w3.org/TR/WD-P3P/Overview.html. Platform for Privacy Preferences (P3P)Speci .cation .]]
W.Winsborough,K.Seamons,and V.Jones. Automated Trust Negotiation.In DARPA Information Survivability Conference and Exposition, Hilton Head,SC,January 2000.]]
T.Yu,X.Ma,and M.Winslett.PRUNES:An E .cient and Complete Strategy for Automated Trust Negotiation over the Internet.In Conference on Computer and Communication Security,Athens, Greece,November 2000.]]
