Trust Management on the World Wide Web
نویسندگان
چکیده
Digital signatures alone are not sufficient for code signing and other Web applications: Signatures can solve the problems of message integrity and authentication, but they do not adequately address more general notions of security and trust. These applications require not only cryptographic tools for determining authenticity and message integrity but also a robust notion of "security policy" and a way to decide whether a request for action complies with a policy. For example, in a code-signing application, a user's security policy must state the properties that the code is required to have in order to be considered "safe" in the user's environment. Similarly, the entity signing the code must state precisely what properties he claims the code has. My thesis will identify what trust management is in the context of the World Wide Web and propose a general architecture to close the gap between trust and cryptography. I will describe two specific languages for describing trust policies and a general mechanism for evaluating whether a request for action complies with policy. Thesis Supervisor Title Affiliation Dr. Joan Feigenbaum Technology Consultant AT&T Labs--Research Dr. James S. Miller Technology and The World Wide Web Consortium, Society Domain Leader MIT Laboratory for Computer Science
منابع مشابه
How to Exploit Ontologies in Trust Negotiation
The World Wide Web makes it easy to share information and resources, but offers few ways to limit the manner in which these resources are shared. The specification and automated enforcement of security-related policies offer promise as a way of providing controlled sharing, but few tools are available to assist in policy specification and management, especially in an open system such as the Web...
متن کاملSWP 2002 / 05 Trust on the World Wide Web : A Study of Consumer Perception
Increasing use of the World Wide Web as a B2C commercial tool raises interest in understanding the key issues in building relationships with customers on the Internet; among them, trust is believed to be the key to the relationship. Given the differences between a virtual and a conventional marketplace, antecedents and consequences of trust merit re-examination. This research identifies a numbe...
متن کاملSeparating Between Trust and Access Control Policies: A necessity for Web Applications
As Security is the key of success for Web Applications most of the efforts that have been put in this domain have focused on wining users’ trust to adopt the Web environment for their business operations. Although user trust is of paramount importance for Web applications, one also needs to consider Web applications trust towards users here after referred to as user trustworthiness. This paper ...
متن کاملA Literature Review on Trust Management in Web Services Access Control
Web Service is a reusable component which has set of related functionalities that service requesters can programmatically access from the service provider and manipulate through the Web. One of the main security issue is to secure web services from the malicious requesters. Since trust plays an important role in many kinds of human communication, it allows people to work under insecurity and wi...
متن کاملHow to Exploit Ontologies for Trust Negotiation
The World Wide Web makes it easy to share information and resources, but offers few ways to limit the manner in which these resources are shared. The specification and automated enforcement of security-related policies offer promise as a way of providing controlled sharing, but few tools are available to assist in policy specification and management, especially in an open system such as the Web...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computer Networks
دوره 30 شماره
صفحات -
تاریخ انتشار 1998