Distributed Authorization by Multiparty Trust Negotiation
نویسندگان
چکیده
Automated trust negotiation (ATN) is a promising approach to establishing trust between two entities without any prior knowledge of each other. However, real-world authorization processes often involve online input from third parties, which ATN does not support. In this paper, we introduce multiparty trust negotiation (MTN) as a new approach to distributed authorization. We define a Datalog-based policy language, Distributed Authorization and Release Control Logic (DARCL), to specify both authorization and release control policies. DARCL suits the needs of MTN and can also serve as a powerful general-purpose policy language for authorization. To orchestrate the negotiation process among multiple parties without a centralized moderator, we propose the diffusion negotiation protocol, a set of message-passing conventions that allows parties to carry out a negotiation in a distributed fashion. Building on top of the diffusion negotiation protocol, we propose two negotiation strategies, both safe and complete, to drive MTN with different tradeoffs between privacy and negotiation speed.
منابع مشابه
Multiparty Trust Negotiation: A New Approach to Distributed Authorization
Automated trust negotiation (ATN) is a promising approach to establishing trust between two entities without any prior knowledge of each other. However, real-world authorization processes often involve online input from third parties, which ATN does not support. In this paper, we introduce multiparty trust negotiation (MTN) as a new approach to distributed authorization. We define a Datalog-bas...
متن کاملTowards Standards-Compliant Trust Negotiation for Web
Web services are a powerful distributed computing abstraction in that they enable users to develop workflows that incorporate data and information processing services located in multiple organizational domains. Fully realizing the potential of this computing paradigm requires a flexible authorization mechanism that can function correctly without a priori knowledge of the users in the system. Tr...
متن کاملTowards Standards-Compliant Trust Negotiation for Web Services (Extended Version)∗
Web services are a powerful distributed computing abstraction in that they enable users to develop workflows that incorporate data and information processing services located in multiple organizational domains. Fully realizing the potential of this computing paradigm requires a flexible authorization mechanism that can function correctly without a priori knowledge of the users in the system. Tr...
متن کاملPrevious and Ongoing Work
Broadly speaking, my research interests lie at the intersection of the computer security, privacy, and distributed systems disciplines. In particular, I am interested in systems that facilitate secure interactions across multiple security domains while still preserving each individual’s privacy and autonomy. For my dissertation, I have focused mainly on the systems challenges surrounding the ad...
متن کاملTowards Standards-Compliant Trust Negotiation for Web Services
Web services are a powerful distributed computing abstraction in that they enable users to develop workflows that incorporate data and information processing services located in multiple organizational domains. Fully realizing the potential of this computing paradigm requires a flexible authorization mechanism that can function correctly without a priori knowledge of the users in the system. Tr...
متن کامل