An Interactive Trust Management and Negotiation Scheme
نویسندگان
چکیده
Interactive access control allows a server to compute on the fly missing credentials needed to grant access and to adapt its responses on the basis of client’s presented and declined credentials. Yet, it may disclose too much information on what credentials a client needs. Automated trust negotiation allows for a controlled disclosure on what credentials a client has during a mutual disclosure process. Yet, it requires pre-arranged policies and sophisticated strategies. How do we bootstrap from simple security policies a comprehensive interactive trust management and negotiation scheme that combines the best of both worlds without their limitations? This is the subject of the paper.
منابع مشابه
A Unified Scheme for Resource Protection in Automated Trust Negotiation
Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional trust management systems, the access control policy for a resource is usually unknown to the party requesting access ...
متن کاملPrivacy Enhanced Automated Trust Negotiation
Li, Jiangtao. Ph.D., Purdue University, May, 2006. Privacy Enhanced Automated Trust Negotiation. Major Professors: Mikhail J. Atallah and Ninghui Li. In automated trust negotiation, two parties exchange digitally signed credentials that contain attribute information to establish trust and make access control decisions. Because the information in question is often sensitive, credentials are prot...
متن کاملA Novel Trust Management Model in the Social Internet of Things
The Internet of Things (IoT) and social networking integration, create a new concept named Social Internet of Things (SIoT) according to which the things are able to autonomously establish social relationships with regard to the owners. Things in SIoT operate according to a service-oriented architecture. There may be misbehaving owners and consequently misbehaving devices that can perform harmf...
متن کاملInteractive Credential Negotiation for Stateful Business Processes
Business Processes for Web Services are the new paradigm for lightweight enterprise integration. They cross organizational boundaries, are provided by entities that see each other just as business partners, and require access control mechanisms based on trust management. Stateful Business Processes, enforcing separation of duties or service limitations based on past or current usage, pose addit...
متن کاملTrust Management and Trust Negotiation in an Extension of SQL
Security policies of large organizations cannot be expressed in the access control policy language defined by the SQL standard and provided by widely used relational database systems, because that language does not support the decentralized policies that are common in large organizations. Trust management frameworks support decentralized policies but generally have not been designed to integrat...
متن کامل