The Technology of Trust Credential Chain Discovery

Increased connectivity and data availability enable new ways of conducting business, but they also create new security vulnerabilities. For example, to streamline a financial transaction, an organization might want to give certain strangers — that is, parties from outside its security domain — access to some of its local resources. Before doing so, however, the organization must establish firm policies outlining the types of strangers who can access the resources, as well the types of data and services the organization will make available to them. Traditional access-control policies describe access conditions in terms that only apply to parties within the local security domain. Clearly, new kinds of accesscontrol policies are needed. Trust negotiation can allow strangers to access sensitive data and services on the Internet.1,2 Trust negotiation is the iterative disclosure of credentials and requests for credentials between two parties, with the goal of establishing sufficient trust so that the parties can complete a transaction. Trust negotiation should be ubiquitous: available anytime, anywhere, at all layers of software, wherever strangers might wish to interact, including mobile devices and intelligent environments. Traditional approaches to establishing trust either minimize security measures (for example, they do not verify credentials) or assume that the parties are not strangers and can present a local identity (login, capability, or credential) to obtain service. Trust management systems such as PolicyMaker,3 KeyNote,4 simple public key infrastructure/simple distributed security infrastructure (SPKI/SDSI),5 and Delegation Logic6 support delegation of authority, but are not helpful for establishing trust between strangers using generalpurpose credentials. Our system, TrustBuilder, supports automated trust negotiation between strangers on the Internet. TrustBuilder lets negotiating parties disclose relevant digital credentials and access-control policies and establish the trust necessary to complete their interaction (see the sidebar, “TrustBuilder in Action,” for an example scenario). TrustBuilder is intend-