Privacy-Preserving Trust Negotiations

  • E. Bertino
  • E. Ferrari
  • A. C. Squicciarini
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3424)


Trust negotiation is a promising approach for establishing trust in open systems, where sensitive interactions may often occur between entities with no prior knowledge of each other. Although several proposals today exist of systems for the management of trust negotiations none of them addresses in a comprehensive way the problem of privacy preservation. Privacy is today one of the major concerns of users exchanging information through the Web and thus we believe that trust negotiation systems must effectively address privacy issues to be widely acceptable. For these reasons, in this paper we investigate privacy in the context of trust negotiations. More precisely, we propose a set of privacy preserving features to be included in any trust negotiation system, such as the support for the P3P standard, as well as different formats to encode credentials.


Privacy Policy Sensitive Attribute Negotiation System Disclosure Policy Compliance Checker 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Westin, A.F.: Privacy and Freedom, Atheneum, New York (1967)Google Scholar
  2. 2.
    Winsborough, W.H., Li, N.: Protecting sensitive attributes in automated trust negotiation. In: ACM Workshop on Privacy in the Electronic Society (2002)Google Scholar
  3. 3.
    Winslett, M., et al.: Negotiating Trust on The Web. IEEE Internet Computing 6(6), 30–37 (2002)CrossRefGoogle Scholar
  4. 4.
    Agraval, R., Kiernan, J., Srikant, R., Yu, X.: Implementing P3P using database technology. In: 19th International Conference on Data Engineering, Bangalore, India (2003)Google Scholar
  5. 5.
    Cranor, L., Langheirich, M., Marchiori, M.: The Platform for Privacy Preferences 1.0 (p3p1.0) specification, W3C Reccomandation (2002),
  6. 6.
    Cranor, L., Langheirich, M., Marchiori, M.: A P3P Preference Exchange Language 1.0 (appel1.0) W3C Working Draft (2002)Google Scholar
  7. 7.
    Bonatti, P., Samarati, P.: Regulating Access Services and Information Release on the Web. In: 7th ACM Conference on Computer and Communications Security, Athens, Greece (2000)Google Scholar
  8. 8.
    Herzberg, A., Mihaeli, et al.: Access Control meets Public Key Infrastructure, or: Assigning Roles to Strangers. In: IEEE Symposium on Security and Privacy, Oakland, CA (2000)Google Scholar
  9. 9.
    Seamons, K.E., Winslett, M., Yu, T.: Limiting the disclosure of Access Control Policies during Automated Trust Negotiation. Network and Distributed System Security Simposium, San Diego, CA (2001)Google Scholar
  10. 10.
    Yu, T., Winslett, M.: A Unified Scheme for Resource protection in Automated Trust Negotiation. In: IEEE Symposium on Security and Privacy, Oakland, CA (2003)Google Scholar
  11. 11.
    Winsborough, W., Li, N.: Towards Practical Automated Trust Negotiation (2002)Google Scholar
  12. 12.
    Bertino, E., Ferrari, E., Squicciarini, A.: Trust-X - a Peer to Peer Framework for Trust Establishment. In: IEEE TKDE, Transactions on Knowledge and Data Engineering (2004) (to appear)Google Scholar
  13. 13.
    Seamons, K.E., Winslett, M., Yu, T.: Protecting privacy during on line trust negotiation. In: 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA (2002)Google Scholar
  14. 14.
    Brands, S.: Rethinking Public Key Infrastructure and Digital Credentials. MIT Press, Cambridge (2000)Google Scholar
  15. 15.
    Herzberg, A., Mass, Y.: Relying Party Credentials Framework. In: RSA Conference, San Francisco, CA (2001)Google Scholar
  16. 16.
    Bertino, E., Ferrari, E., Squicciarini, A.: X-TNL - an XML based language for trust negotiations. In: Fourth IEEE International Workshop on Policies for Distributed Systems and Networks, Como, Italy (2003)Google Scholar
  17. 17.
    Naor, M.: Bit commitment using pseudorandomness. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 128–136. Springer, Heidelberg (1990)Google Scholar
  18. 18.
    Persiano, P., Visconti, I.: User Privacy Issues Regarding Certificates and the TLS Protocol. In: Proceedings of the ACM Conference on Computer and Communication Security, Athens, Greece (2000)Google Scholar
  19. 19.
    Jarvis, R.: Selective disclosure of credential content during trust negotiation, Master of Science Thesis, Brigham Young University, Provo, Utah (2003)Google Scholar
  20. 20.
    World Wide Web Consortium: Extensible markup language (xml) 1.0 (1998), Available at,
  21. 21.
    World Wide Web Consortium (Uniform resource identifiers, naming and addressing: Uris, urls, ...) Available at,
  22. 22.
    Agraval, R., Kiernan, J., Srikant, R., Xu, Y.: An X-Path based preference language for P3P. In: Twelfth International World Wide Web Conference, Budapest, Hungary (2003)Google Scholar
  23. 23.
    World Wide Web Consortium (References for p3p implementation) Available at,
  24. 24.
    IBM: (Ibm tivoli privacy wizard) Available at, http://www.tivoli.resource_center/maximize/privacy/wizard_code.htmlGoogle Scholar
  25. 25.
    Center, J.J.R.: Jrc p3p resource centre (2002), Available at,
  26. 26.
    World Wide Web Consortium: P3p- the Platform for Privacy Preferences, version 1.1 (2003), Available at,
  27. 27.
    World Wide Web Consortium: Xsl transformations (xslt). version 1.0 w3c recommendation (1999), Available at,

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • E. Bertino
    • 1
  • E. Ferrari
    • 2
  • A. C. Squicciarini
    • 3
  1. 1.CERIAS and Computer Science DepartmentPurdue UniversityWest LafayetteUSA
  2. 2.Dipartimento di Scienze della Cultura, Politiche e InformazioneUniversitá degli Studi dell’InsubriaComo
  3. 3.Dipartimento di Informatica e ComunicazioneUniversitá degli Studi di MilanoMilano

Personalised recommendations