Requirements for policy languages for trust negotiation

K. E. Seamons, M. Winslett, Ting Yu, B. Smith, E. Child, J. Jacobson, H. Mills, Lina Yu

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

102 Citations (Scopus)

Abstract

In open systems like the Internet, traditional approaches to security based on identity do not provide a solution to the problem of establishing trust between strangers, because strangers do not share the same security domain. A new approach to establishing trust between strangers is trust negotiation, the bilateral exchange of digital credentials describing attributes of the negotiation participants. This approach relies on access control policies that govern access to protected resources by specifying credential combinations that must be submitted to obtain authorization. We describe a model for trust negotiation, focusing on the central role of policies. We delineate requirements for policy languages and runtime systems for trust negotiation, and evaluate four existing policy languages for trust management with respect to those requirements. We conclude with recommendations for extending existing policy languages or developing new policy languages to make them suitable for use in future trust negotiation systems.

Original language: English
Title of host publication: Proceedings - 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002
Pages: 68-79
Number of pages: 12
DOIs: https://doi.org/10.1109/POLICY.2002.1011295
Publication status: Published - 1 Dec 2002
Externally published: Yes
Event: 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002 - Monterey, CA, United States
Duration: 5 Jun 2002 to 7 Jun 2002

Other

Other: 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002
Country: United States
City: Monterey, CA
Period: 5/6/02 to 7/6/02

Fingerprint

Open systems
Access control
Internet

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering

Cite this

Seamons, K. E., Winslett, M., Yu, T., Smith, B., Child, E., Jacobson, J., ... Yu, L. (2002). Requirements for policy languages for trust negotiation. In Proceedings - 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002 (pp. 68-79). [1011295] https://doi.org/10.1109/POLICY.2002.1011295

@inproceedings{d09b0e7519434a7486fff83fbe576ebd,
title = "Requirements for policy languages for trust negotiation",
abstract = "In open systems like the Internet, traditional approaches to security based on identity do not provide a solution to the problem of establishing trust between strangers, because strangers do not share the same security domain. A new approach to establishing trust between strangers is trust negotiation, the bilateral exchange of digital credentials describing attributes of the negotiation participants. This approach relies on access control policies that govern access to protected resources by specifying credential combinations that must be submitted to obtain authorization. We describe a model for trust negotiation, focusing on the central role of policies. We delineate requirements for policy languages and runtime systems for trust negotiation, and evaluate four existing policy languages for trust management with respect to those requirements. We conclude with recommendations for extending existing policy languages or developing new policy languages to make them suitable for use in future trust negotiation systems.",
author = "Seamons, {K. E.} and M. Winslett and Ting Yu and B. Smith and E. Child and J. Jacobson and H. Mills and Lina Yu",
year = "2002",
month = "12",
day = "1",
doi = "10.1109/POLICY.2002.1011295",
language = "English",
isbn = "0769516114",
pages = "68--79",
booktitle = "Proceedings - 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002",

}

TY - GEN
T1 - Requirements for policy languages for trust negotiation
AU - Seamons, K. E.
AU - Winslett, M.
AU - Yu, Ting
AU - Smith, B.
AU - Child, E.
AU - Jacobson, J.
AU - Mills, H.
AU - Yu, Lina
PY - 2002/12/1
Y1 - 2002/12/1
N2 - In open systems like the Internet, traditional approaches to security based on identity do not provide a solution to the problem of establishing trust between strangers, because strangers do not share the same security domain. A new approach to establishing trust between strangers is trust negotiation, the bilateral exchange of digital credentials describing attributes of the negotiation participants. This approach relies on access control policies that govern access to protected resources by specifying credential combinations that must be submitted to obtain authorization. We describe a model for trust negotiation, focusing on the central role of policies. We delineate requirements for policy languages and runtime systems for trust negotiation, and evaluate four existing policy languages for trust management with respect to those requirements. We conclude with recommendations for extending existing policy languages or developing new policy languages to make them suitable for use in future trust negotiation systems.

UR - http://www.scopus.com/inward/record.url?scp=84893105662&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893105662&partnerID=8YFLogxK
U2 - 10.1109/POLICY.2002.1011295
DO - 10.1109/POLICY.2002.1011295
M3 - Conference contribution
AN - SCOPUS:84893105662
SN - 0769516114
SN - 9780769516110
SP - 68
EP - 79
BT - Proceedings - 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002
ER -