Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

Ting Yu, Marianne Winslett, Kent E. Seamons

Research output: Contribution to journalArticle

225 Citations (Scopus)

Abstract

Business and military partners, companies and their customers, and other closely cooperating parties may have a compelling need to conduct sensitive interactions on line, such as accessing each other's local services and other local resources. Automated trust negotiation is an approach to establishing trust between parties so that such interactions can take place, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a local resource. A party can use many different strategies to negotiate trust, offering tradeoffs between the length of the negotiation, the amount of extraneous information disclosed, and the computational effort expended. To preserve parties' autonomy, each party should ideally be able to choose its negotiation strategy independently, while still being guaranteed that negotiations will succeed whenever possible - that the two parties' strategies will interoperate. In this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory for black-box propositional credentials as well as credentials with internal structure, and for access control policies whose contents are (respectively are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation.

Original languageEnglish
Pages (from-to)1-42
Number of pages42
JournalACM Transactions on Information and System Security
Volume6
Issue number1
DOIs
Publication statusPublished - 1 Feb 2003
Externally publishedYes

Fingerprint

Access control
Industry

Keywords

  • Access control
  • Automated trust negotiation
  • Digital credentials
  • Interoperable strategies

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. / Yu, Ting; Winslett, Marianne; Seamons, Kent E.

In: ACM Transactions on Information and System Security, Vol. 6, No. 1, 01.02.2003, p. 1-42.

Research output: Contribution to journalArticle

@article{c004241061204a9b846597d883a77b3f,
title = "Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation",
abstract = "Business and military partners, companies and their customers, and other closely cooperating parties may have a compelling need to conduct sensitive interactions on line, such as accessing each other's local services and other local resources. Automated trust negotiation is an approach to establishing trust between parties so that such interactions can take place, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a local resource. A party can use many different strategies to negotiate trust, offering tradeoffs between the length of the negotiation, the amount of extraneous information disclosed, and the computational effort expended. To preserve parties' autonomy, each party should ideally be able to choose its negotiation strategy independently, while still being guaranteed that negotiations will succeed whenever possible - that the two parties' strategies will interoperate. In this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory for black-box propositional credentials as well as credentials with internal structure, and for access control policies whose contents are (respectively are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation.",
keywords = "Access control, Automated trust negotiation, Digital credentials, Interoperable strategies",
author = "Ting Yu and Marianne Winslett and Seamons, {Kent E.}",
year = "2003",
month = "2",
day = "1",
doi = "10.1145/605434.605435",
language = "English",
volume = "6",
pages = "1--42",
journal = "ACM Transactions on Information and System Security",
issn = "1094-9224",
publisher = "Association for Computing Machinery (ACM)",
number = "1",

}

TY - JOUR

T1 - Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

AU - Yu, Ting

AU - Winslett, Marianne

AU - Seamons, Kent E.

PY - 2003/2/1

Y1 - 2003/2/1

N2 - Business and military partners, companies and their customers, and other closely cooperating parties may have a compelling need to conduct sensitive interactions on line, such as accessing each other's local services and other local resources. Automated trust negotiation is an approach to establishing trust between parties so that such interactions can take place, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a local resource. A party can use many different strategies to negotiate trust, offering tradeoffs between the length of the negotiation, the amount of extraneous information disclosed, and the computational effort expended. To preserve parties' autonomy, each party should ideally be able to choose its negotiation strategy independently, while still being guaranteed that negotiations will succeed whenever possible - that the two parties' strategies will interoperate. In this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory for black-box propositional credentials as well as credentials with internal structure, and for access control policies whose contents are (respectively are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation.

AB - Business and military partners, companies and their customers, and other closely cooperating parties may have a compelling need to conduct sensitive interactions on line, such as accessing each other's local services and other local resources. Automated trust negotiation is an approach to establishing trust between parties so that such interactions can take place, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a local resource. A party can use many different strategies to negotiate trust, offering tradeoffs between the length of the negotiation, the amount of extraneous information disclosed, and the computational effort expended. To preserve parties' autonomy, each party should ideally be able to choose its negotiation strategy independently, while still being guaranteed that negotiations will succeed whenever possible - that the two parties' strategies will interoperate. In this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory for black-box propositional credentials as well as credentials with internal structure, and for access control policies whose contents are (respectively are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation.

KW - Access control

KW - Automated trust negotiation

KW - Digital credentials

KW - Interoperable strategies

UR - http://www.scopus.com/inward/record.url?scp=1642327001&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=1642327001&partnerID=8YFLogxK

U2 - 10.1145/605434.605435

DO - 10.1145/605434.605435

M3 - Article

AN - SCOPUS:1642327001

VL - 6

SP - 1

EP - 42

JO - ACM Transactions on Information and System Security

JF - ACM Transactions on Information and System Security

SN - 1094-9224

IS - 1

ER -