Abstract
Interactive access control allows a server to compute on the fly the missing credentials needed to grant access and to adapt its responses on the basis of the credentials the client has presented and declined. Yet it may disclose too much information about which credentials a client needs. Automated trust negotiation allows for a controlled disclosure of which credentials a client has during a mutual disclosure process. Yet it requires pre-arranged policies and sophisticated strategies. How do we bootstrap, from simple security policies, a comprehensive interactive trust management and negotiation scheme that combines the best of both worlds without their limitations? This is the subject of the paper.
This work is partially funded by the IST programme of the EU Commission FET under the IST-2001-37004 WASP project and by the FIRB programme of MIUR under the RBNE0195K5 ASTRO Project and RBAU01P5SS Project.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Koshutanski, H., Massacci, F. (2005). An Interactive Trust Management and Negotiation Scheme. In: Dimitrakos, T., Martinelli, F. (eds) Formal Aspects in Security and Trust. IFIP WCC TC1 2004. IFIP International Federation for Information Processing, vol 173. Springer, Boston, MA. https://doi.org/10.1007/0-387-24098-5_9
DOI: https://doi.org/10.1007/0-387-24098-5_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24050-3
Online ISBN: 978-0-387-24098-5
eBook Packages: Computer Science (R0)