Traust: A Trust Negotiation Based Authorization Service

  • Conference paper
Trust Management (iTrust 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3986)

Abstract

In this demonstration, we present Traust, a flexible authorization service for open systems. Traust uses the technique of trust negotiation to map globally meaningful assertions regarding a previously unknown client into security tokens that are meaningful to resources deployed in the Traust service’s security domain. This system helps preserve the privacy of both users and the service, while at the same time automating interactions between security domains that would previously have required human intervention (e.g., the establishment of local accounts). We will demonstrate how the Traust service enables the use of trust negotiation to broker access to resources in open systems without requiring changes to protocol standards or applications software.

This work was supported by the NSF under grants IIS-0331707, CNS-0325951, and CNS-0524695 and by NCSA. Lee was also supported by a Motorola Center for Communications Graduate Fellowship.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, A.J., Winslett, M., Basney, J., Welch, V. (2006). Traust: A Trust Negotiation Based Authorization Service. In: Stølen, K., Winsborough, W.H., Martinelli, F., Massacci, F. (eds) Trust Management. iTrust 2006. Lecture Notes in Computer Science, vol 3986. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11755593_36

  • DOI: https://doi.org/10.1007/11755593_36

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34295-3

  • Online ISBN: 978-3-540-34297-7

  • eBook Packages: Computer Science, Computer Science (R0)
