Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

Ting Yu, Marianne Winslett, Kent E. Seamons

Research output: Contribution to journalArticle

226 Citations (Scopus)


Business and military partners, companies and their customers, and other closely cooperating parties may have a compelling need to conduct sensitive interactions on line, such as accessing each other's local services and other local resources. Automated trust negotiation is an approach to establishing trust between parties so that such interactions can take place, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a local resource. A party can use many different strategies to negotiate trust, offering tradeoffs between the length of the negotiation, the amount of extraneous information disclosed, and the computational effort expended. To preserve parties' autonomy, each party should ideally be able to choose its negotiation strategy independently, while still being guaranteed that negotiations will succeed whenever possible - that the two parties' strategies will interoperate. In this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory for black-box propositional credentials as well as credentials with internal structure, and for access control policies whose contents are (respectively are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation.

Original languageEnglish
Pages (from-to)1-42
Number of pages42
JournalACM Transactions on Information and System Security
Issue number1
Publication statusPublished - 1 Feb 2003


  • Access control
  • Automated trust negotiation
  • Digital credentials
  • Interoperable strategies

ASJC Scopus subject areas

  • Computer Science(all)
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation'. Together they form a unique fingerprint.

  • Cite this