TY - GEN
T1 - Requirements for policy languages for trust negotiation
AU - Seamons, K. E.
AU - Winslett, M.
AU - Yu, Ting
AU - Smith, B.
AU - Child, E.
AU - Jacobson, J.
AU - Mills, H.
AU - Yu, Lina
PY - 2002
Y1 - 2002
N2 - In open systems like the Internet, traditional approaches to security based on identity do not provide a solution to the problem of establishing trust between strangers, because strangers do not share the same security domain. A new approach to establishing trust between strangers is trust negotiation, the bilateral exchange of digital credentials describing attributes of the negotiation participants. This approach relies on access control policies that govern access to protected resources by specifying credential combinations that must be submitted to obtain authorization. We describe a model for trust negotiation, focusing on the central role of policies. We delineate requirements for policy languages and runtime systems for trust negotiation, and evaluate four existing policy languages for trust management with respect to those requirements. We conclude with recommendations for extending existing policy languages or developing new policy languages to make them suitable for use in future trust negotiation systems.
UR - http://www.scopus.com/inward/record.url?scp=84893105662&partnerID=8YFLogxK
U2 - 10.1109/POLICY.2002.1011295
DO - 10.1109/POLICY.2002.1011295
M3 - Conference contribution
AN - SCOPUS:84893105662
SN - 0769516114
SN - 9780769516110
T3 - Proceedings - 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002
SP - 68
EP - 79
BT - Proceedings - 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002
T2 - 3rd International Workshop on Policies for Distributed Systems and Networks, POLICY 2002
Y2 - 5 June 2002 through 7 June 2002
ER -