Advertisement

Traust: A Trust Negotiation Based Authorization Service

  • Adam J. Lee
  • Marianne Winslett
  • Jim Basney
  • Von Welch
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3986)

Abstract

In this demonstration, we present Traust, a flexible authorization service for open systems. Traust uses the technique of trust negotiation to map globally meaningful assertions regarding a previously unknown client into security tokens that are meaningful to resources deployed in the Traust service’s security domain. This system helps preserve the privacy of both users and the service, while at the same time automating interactions between security domains that would previously have required human intervention (e.g., the establishment of local accounts). We will demonstrate how the Traust service enables the use of trust negotiation to broker access to resources in open systems without requiring changes to protocol standards or applications software.

Keywords

Security Domain Trust Negotiation Digital Credential Authorization Decision Authorization Service 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Herzberg, A., Mihaeli, J., Mass, Y., Naor, D., Ravid, Y.: Access control meets public key infrastructure, or: Assigning roles to strangers. In: IEEE Symposium on Security and Privacy (May 2000)Google Scholar
  2. 2.
    Hess, A., Holt, J., Jacobson, J., Seamons, K.E.: Content-triggered trust negotiation. ACM Transactions on Information System Security 7(3) (August 2004)Google Scholar
  3. 3.
    Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K.E., Smith, B.: Advanced client/server authentication in TLS. In: Network and Distributed Systems Security Symposium (February 2002)Google Scholar
  4. 4.
    Housely, R., Ford, W., Polk, W., Solo, D.: Internet X.509 public key infrastructure certificate and CRL profile. RFC 2459 (January 1999)Google Scholar
  5. 5.
    Kohl, J., Neuman, C.: The Kerberos network authentication service (V5). RFC 1510 (September 1993)Google Scholar
  6. 6.
    Koshutanski, H., Massacci, F.: Interactive trust management and negotiation scheme. In: 2nd International Workshop on Formal Aspects in Security and Trust (FAST), pp. 139–152 (August 2004)Google Scholar
  7. 7.
    Li, N., Mitchell, J.: RT: A role-based trust-management framework. In: Third DARPA Information Survivability Conference and Exposition (April 2003)Google Scholar
  8. 8.
    Novotny, J., Tuecke, S., Welch, V.: An online credential repository for the grid: MyProxy. In: Tenth International Symposium on High Performance Distributed Computing (HPDC-10) (August 2001)Google Scholar
  9. 9.
    van der Horst, T., Sundelin, T., Seamons, K.E., Knutson, C.D.: Mobile trust negotiation: Authentication and authorization in dynamic mobile networks. In: Eigth IFIP Conference on Communications and Multimedia Security (September 2004)Google Scholar
  10. 10.
    Winsborough, W.H., Seamons, K.E., Jones, V.E.: Automated trust negotiation. In: DARPA Information Survivability Conference and Exposition (January 2000)Google Scholar
  11. 11.
    Winslett, M., Yu, T., Seamons, K.E., Hess, A., Jacobson, J., Jarvis, R., Smith, B., Yu, L.: The TrustBuilder architecture for trust negotiation. IEEE Internet Computing 6(6), 30–37 (2002)CrossRefGoogle Scholar
  12. 12.
    Yu, T., Winslett, M., Seamons, K.E.: Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security 6(1) (February 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Adam J. Lee
    • 1
  • Marianne Winslett
    • 1
  • Jim Basney
    • 2
  • Von Welch
    • 2
  1. 1.Department of Computer ScienceUniversity of Illinois at Urbana-ChampaignUrbanaUSA
  2. 2.National Center for Supercomputing ApplicationsUniversity of Illinois at Urbana-ChampaignUrbanaUSA

Personalised recommendations