Traust: A Trust Negotiation Based Authorization Service
In this demonstration, we present Traust, a flexible authorization service for open systems. Traust uses the technique of trust negotiation to map globally meaningful assertions regarding a previously unknown client into security tokens that are meaningful to resources deployed in the Traust service’s security domain. This system helps preserve the privacy of both users and the service, while at the same time automating interactions between security domains that would previously have required human intervention (e.g., the establishment of local accounts). We will demonstrate how the Traust service enables the use of trust negotiation to broker access to resources in open systems without requiring changes to protocol standards or applications software.
KeywordsSecurity Domain Trust Negotiation Digital Credential Authorization Decision Authorization Service
Unable to display preview. Download preview PDF.
- 1.Herzberg, A., Mihaeli, J., Mass, Y., Naor, D., Ravid, Y.: Access control meets public key infrastructure, or: Assigning roles to strangers. In: IEEE Symposium on Security and Privacy (May 2000)Google Scholar
- 2.Hess, A., Holt, J., Jacobson, J., Seamons, K.E.: Content-triggered trust negotiation. ACM Transactions on Information System Security 7(3) (August 2004)Google Scholar
- 3.Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K.E., Smith, B.: Advanced client/server authentication in TLS. In: Network and Distributed Systems Security Symposium (February 2002)Google Scholar
- 4.Housely, R., Ford, W., Polk, W., Solo, D.: Internet X.509 public key infrastructure certificate and CRL profile. RFC 2459 (January 1999)Google Scholar
- 5.Kohl, J., Neuman, C.: The Kerberos network authentication service (V5). RFC 1510 (September 1993)Google Scholar
- 6.Koshutanski, H., Massacci, F.: Interactive trust management and negotiation scheme. In: 2nd International Workshop on Formal Aspects in Security and Trust (FAST), pp. 139–152 (August 2004)Google Scholar
- 7.Li, N., Mitchell, J.: RT: A role-based trust-management framework. In: Third DARPA Information Survivability Conference and Exposition (April 2003)Google Scholar
- 8.Novotny, J., Tuecke, S., Welch, V.: An online credential repository for the grid: MyProxy. In: Tenth International Symposium on High Performance Distributed Computing (HPDC-10) (August 2001)Google Scholar
- 9.van der Horst, T., Sundelin, T., Seamons, K.E., Knutson, C.D.: Mobile trust negotiation: Authentication and authorization in dynamic mobile networks. In: Eigth IFIP Conference on Communications and Multimedia Security (September 2004)Google Scholar
- 10.Winsborough, W.H., Seamons, K.E., Jones, V.E.: Automated trust negotiation. In: DARPA Information Survivability Conference and Exposition (January 2000)Google Scholar
- 12.Yu, T., Winslett, M., Seamons, K.E.: Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security 6(1) (February 2003)Google Scholar