Requirements of federated trust management for service-oriented architectures

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Requirements of federated trust management for service-oriented architectures

Full text

Pdf (382 KB)

Source

PST; Vol. 380 archive
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services table of contents

Markham, Ontario, Canada

SESSION: Trust computing table of contents

Article No. 10

Year of Publication: 2006

ISBN:1-59593-604-1

Authors

Zhengping Wu	University of Virginia, Charlottesville, VA
Alfred C. Weaver	University of Virginia, Charlottesville, VA

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 12, Downloads (12 Months): 85, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1501434.1501447 What is a DOI?

ABSTRACT

With the emergence of an effective infrastructure supporting Grid Computing and Web Services, service-oriented computing has been growing over the last few years, and service-oriented architectures are becoming an important computing paradigm. When different trust domains control different component services, trust management plays a critical role to smooth the collaboration among component services. The federation of these component services makes new demands for managing trust-related behavior. Although many extant trust management systems deal with intradomain trust behaviors, there is a growing need for effective strategies for managing inter-domain behaviors. In this paper we explore requirements for a federated trust management system. The purpose of this paper is not to suggest a single type of system covering all necessary features; instead, its purpose is to initiate a discussion of the requirements arising from inter-domain federation, to offer a context in which to evaluate current and future solutions, and to encourage the development of proper models and systems for federated trust management. Our discussion addresses issues arising from trust representation, trust exchange, trust establishment, trust enforcement, and trust storage.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	M. P. Papazoglou , D. Georgakopoulos, Introduction, Communications of the ACM, v.46 n.10, October 2003 [doi>10.1145/944217.944233]
	2	Matt Blaze , Joan Feigenbaum , John Ioannidis , Angelos D. Keromytis, The role of trust management in distributed systems security, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
	3	Ali Arsanjani, Introduction, Communications of the ACM, v.45 n.10, October 2002 [doi>10.1145/570907.570927]
	4	T. Grandison and M. Sloman, "A survey of trust in internet applications," IEEE Communications Surveys and Tutorials, Fourth Quarter, 2000, Vol. 3 pp. 2--16.
	5	Theo Dimitrakos, "System models, e-risks and e-trust. towards bridging the gap?" 2001. http://www.bitd.clrc.ac.uk/PersonPublications/26853.
	6	Anil Kini, Trust in Electronic Commerce: Definition and Theoretical Considerations, Proceedings of the Thirty-First Annual Hawaii International Conference on System Sciences-Volume 4, p.51, January 06-09, 1998
	7	D. Harrison McKnight and Norman L. Chervany, "The Meanings of Trust," MISRC Working Papers Series, last revised: April 1, 2000.
	8	I. Djordjevic and T. Dimitrakos, "Towards dynamic security perimeters for virtual collaborative networks," Proc. of 2nd International Conference on Trust Management, March 29--April 1, 2004, pp. 191--205.
	9	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	10	Matt Blaze , Joan Feigenbaum , Angelos D. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper), Proceedings of the 6th International Workshop on Security Protocols, p.59-63, April 15-17, 1998
	11	Tyrone Grandison , Morris Sloman, Specifying and Analysing Trust for Internet Applications, Proceedings of the IFIP Conference on Towards The Knowledge Society: E-Commerce, E-Business, E-Government, p.145-157, October 07-09, 2002
	12	G. Tonti, J. M. Bradshaw, R. Jeffers, R. Montanari, N. Suri, A. Uszok, "Semantic Web languages for policy representation and reasoning: A comparison of KAoS, Rei, and Ponder," Proc. of 2003 International Conference on Semantic Web, 2003, pp. 419--437.
	13	A. Uszok, J. M. Bradshaw, R. Jeffers, "KAoS: A policy and domain services framework for grid computing and Semantic Web services," Proc. of 2nd International Conference on Trust Management, March 29---April 1, 2004, pp. 16--26.
	14	Lalana Kagal , Tim Finin , Anupam Joshi, A Policy Language for a Pervasive Computing Environment, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, p.63, June 04-06, 2003
	15	B. S. Firozabadi, M. Sergot, "Revocation in the privilege calculus," Proc. of Workshop on Formal Aspects of Security and Trust (FAST2003), 2003, pp. 39--51.
	16	E. Rissanen, "Server based application level authorization for Rotor," IEE Proc. of Software, Vol. 150, 2003, pp. 291--295.
	17	P. Jonathon Phillips , Alvin Martin , C. l. Wilson , Mark Przybocki, An Introduction to Evaluating Biometric Systems, Computer, v.33 n.2, p.56-63, February 2000 [doi>10.1109/2.820040]
	18	S. Sandersonand, J. H. Erbetta, "Authentication for secure Environments based on Iris Scanning Technology," IEEE Colloquium on Visual Biometrics, vol. 8, pp. 1--7, 2000.
	19	A. K. Jain, Friederike D. Griess, and Scott D. Connell, "Online Signature Verification," Pattern Recognition, vol. 35, no. 12, December 2002, pp. 2963--2972.
	20	Smart Card Alliance, "HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements," Smart Card Alliance Research Report, September 2003.
	21	Smart Card Alliance, "Contactless Technology for Secure Physical Access: Technology and Standards Choices," Smart Card Alliance Research Report, October 2002.
	22	Simson Garfinkel , Deborah Russell, PGP: Pretty Good Privacy, O'Reilly & Associates, Inc., Sebastopol, CA, 1996
	23	Yang-Hua Chu , Joan Feigenbaum , Brian LaMacchia , Paul Resnick , Martin Strauss, Referee: trust management for Web applications, World Wide Web Journal, v.2 n.3, p.127-139, Summer 1997
	24	H. Gladney, "Safe deals between strangers," IBM Research technical report (draft), August 1999.
	25	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993 [doi>10.1145/155183.155225]
	26	Ninghui Li , Benjamin N. Grosof , Joan Feigenbaum, Delegation logic: A logic-based approach to distributed authorization, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.128-171, February 2003 [doi>10.1145/605434.605438]
	27	Steve Anderson, et al., "Web Services Trust Language (WS-Trust)," May 2004. http://msdn.microsoft.com/ws/2004/04/ws-trust/
	28	Siddharth Bajaj, et al., "Web Services Policy Framework (WS-Policy)," September 2004. http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-policy.asp
	29	Siddharth Bajaj, et al., "Web Services Federation Language (WS-Federation)," July 2003. http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-federation.asp
	30	IETF, "The TLS Protocol Version 1.0 (RFC 2246)," ftp://ftp.ietf.org/rfc/rfc2246.txt
	31	IETF, "The Secure HyperText Transfer Protocol," ftp://ftp.ietf.org/rfc/rfc2660.txt
	32	Takeshi Imamura, et al., "XML Encryption Syntax and Processing," December 2002. http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
	33	OASIS, "Web Services Security (WS-Security)" April 2004. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
	34	Mark Bartel, et al., "XML-Signature Syntax and Processing," February 2002. http://www.w3.org/TR/xmldsig-core/
	35	Bob Atkinson, et al., "UDDI Spec Technical Committee Specification" October 2003. http://uddi.org/pubs/uddi-v3.0.1-20031014.htm
	36	Steve Anderson, et al., "Web Services Secure Conversation Language (WS-SecureConversation)," May 2004. http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-secureconversation.asp
	37	Lorrie Cranor, et al., "The Platform for Privacy Preferences 1.1 Specification (W3C Working Draft 4)," January 2005. http://www.w3.org/TR/2005/WD-P3P11-20050104/
	38	WS-Privacy, http://www.serviceoriented.org/ws-privacy.html
	39	Thomas Beth , Malte Borcherding , Birgit Klein, Valuation of Trust in Open Networks, Proceedings of the Third European Symposium on Research in Computer Security, p.3-18, November 07-09, 1994
	40	Michael K. Reiter , Stuart G. Stubblebine, Authentication metric analysis and design, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.138-158, May 1999 [doi>10.1145/317087.317088]
	41	Phillip Hallam-Baker, et al., "Web Services Security X.509 Certificate Token Profile," OASIS Standard 200401, March 2004. http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
	42	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	43	David W. Chadwick , Alexander Otenko , Edward Ball, Role-Based Access Control With X.509 Attribute Certificates, IEEE Internet Computing, v.7 n.2, p.62-69, March 2003 [doi>10.1109/MIC.2003.1189190]
	44	Eric Freudenthal , Tracy Pesin , Lawrence Port , Edward Keenan , Vijay Karamcheti, dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments, Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02), p.411, July 02-05, 2002
	45	Fred B. Schneider, Least Privilege and More, IEEE Security and Privacy, v.1 n.5, p.55-59, September 2003 [doi>10.1109/MSECP.2003.1236236]
	46	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	47	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001 [doi>10.1145/501978.501980]
	48	Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000 [doi>10.1145/354876.354878]
	49	Trevor Jim, SD3: A Trust Management System with Certified Evaluation, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.106, May 14-16, 2001
	50	Paul Ashley, Satoshi Hada, Günter Karjoth, Calvin Powers, Matthias Schunter, "Enterprise Privacy Authorization Language," W3C Document, November 2003. http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
	51	Steve Barker , Peter J. Stuckey, Flexible access control policy specification with constraint logic programming, ACM Transactions on Information and System Security (TISSEC), v.6 n.4, p.501-546, November 2003 [doi>10.1145/950191.950194]
	52	E. Bertino , B. Catania , E. Ferrari , P. Perlasca, A System to Specify and Manage Multipolicy Access Control Models, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.116, June 05-07, 2002
	53	John DeTreville, Binder, a Logic-Based Security Language, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.105, May 12-15, 2002
	54	K. Seamons , M. Winslett , T. Yu , B. Smith , E. Child , J. Jacobson , H. Mills , L. Yu, Requirements for Policy Languages for Trust Negotiation, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.68, June 05-07, 2002
	55	Salil Prabhakar , Sharath Pankanti , Anil K. Jain, Biometric Recognition: Security and Privacy Concerns, IEEE Security and Privacy, v.1 n.2, p.33-42, March 2003 [doi>10.1109/MSECP.2003.1193209]
	56	G. Miklau and D. Suciu, "Managing Integrity for Data Exchanged on the Web," Proc. 8th International Workshop on the Web and Databases, June 2005, Baltimore, Maryland.
	57	Marianne Winslett , Ting Yu , Kent E. Seamons , Adam Hess , Jared Jacobson , Ryan Jarvis , Bryan Smith , Lina Yu, Negotiating Trust on the Web, IEEE Internet Computing, v.6 n.6, p.30-37, November 2002 [doi>10.1109/MIC.2002.1067734]
	58	H. Koshutanski and F. Massacci, "Interactive trust management and negotiation scheme," Proc. FAST'04 Workshop, Kluwer, 2004, pp. 139--152.
	59	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	60	IBM, "IBM Trust Establishment Policy Language" http://www.hrl.il.ibm.com/TrustEstablishment/PolicyLanguage.asp.
	61	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	62	Liberty Alliance, "Introduction to the Liberty Alliance Identity Architecture" March, 2003. http://www.projectliberty.org/about/whitepapers.php.
	63	Scott Cantor, et al., "Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0," March 2005. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
	64	ProComp, "Passport to monopoly - Windows XP, Passport, and the emerging world of distributed applications" June, 2001. http://www.procompetition.org/headlines/WhitePaper6_21.pdf