Access control meets public key infrastructure, or: assigning roles to strangers

Herzberg, Amir; Mass, Yosi; Mihaeli, J.; Naor, Dalit; Ravid, Y.

doi:10.1109/secpri.2000.848442

Cited by 230 publications

(187 citation statements)

References 4 publications

Supporting

Mentioning

182

Contrasting

Order By: Relevance

“…Existing trust models can be categorized into two distinct families: Hard Trust Models where trust is established using credentials and trust policies (e.g. [6] and [17]) and Soft Trust Models where trust is built upon pairs experiences, recommendations and reputation (e.g. [11] [25] [14] and [18].…”

Section: Discussion and Concluding Remarksmentioning

confidence: 99%

Social-Compliance in Trust Management within Virtual Communities

Yaich

Boissier

Jaillon

et al. 2011

2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology

View full text Add to dashboard Cite

Abstract.Virtual Communities are open socio-technical structures wherein autonomous entities (i.e. agents) with common interests join together to mutually satisfy their goals. The success of these communities relies on collaboration and resource sharing principals, making trust a priority for each member. Such communities need a more flexible trust model wherein both individual (i.e. usercentred) and collective (i.e. community-centred) trust requirements are considered in the decision making-process. This paper reports our on-going efforts in that perspective and presents a multiagent-based Adaptive and Socially-Compliant Trust Management System (ASC-TMS). Policies are used, in the system, to specify individual and collective trust requirements, while meta-policies enable agents to dynamically adapt their policies. The ASC-TMS allows agent to make socially-compliant trust decisions through automatic combination of individual and collective policies.

show abstract

Section: Discussion and Concluding Remarksmentioning

confidence: 99%

Social-Compliance in Trust Management within Virtual Communities

Yaich

Boissier

Jaillon

et al. 2011

2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology

View full text Add to dashboard Cite

show abstract

“…Since the number of roles is typically much smaller than the number of users, role-based access control systems reduce the number of access control decisions. A thorough description of role-based access control can be found in (Herzberg et al, 2000). In a role-based access control system the authorization process is split into two steps, namely assignment of one or more roles and check whether a member of the assigned role(s) is allowed to perform the requested action.…”

Section: From Uid/psw-based Authentication To Trust Negotiationmentioning

confidence: 99%

“…), KAoS , PeerTrust (Gavriloaie et al, 2004), Ponder (Damianou et al, 2001), Protune (Bonatti et al, 2006; ? ), PSPL (Bonatti and Samarati, ), Rei (Kagal et al, 2003), RT (Li and Mitchell, ), TPL (Herzberg et al, 2000), WSPL (Anderson, 2004) and XACML (Lorch et al, ; ?). The information we will provide about the aforementioned languages is based on the referenced documents.…”

Section: Presentation Of the Considered Policy Languagesmentioning

confidence: 99%

A Review of Trust Management, Security and Privacy Policy Languages

Coi¹,

Olmedilla

2008

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

Abstract:Policies are a well-known approach to protecting security and privacy of users as well as for flexible trust management in distributed environments. In the last years a number of policy languages were proposed to address different application scenarios. In order to help both developers and users in choosing the language best suiting her needs, policy language comparisons were proposed in the literature. Nevertheless available comparisons address only a small number of languages, are either out-of-date or too narrow in order to provide a broader picture of the research field. In this paper we consider twelve relevant policy languages and compare them on the strength of ten criteria which should be taken into account in designing every policy language. Some criteria are already known in the literature, others are introduced in our work for the first time.By comparing the choices designers made in addressing such criteria, useful conclusions can be drawn about strong points and weaknesses of each policy language.

show abstract

“…We will illustrate this portion of the space by evaluating Delegation Logic (DL) [17], the Role-based Trust-management (RT) framework [16], [18], [19], SD3 [20], and Trust Policy Language (TPL) [21].…”

Section: A Logic-based Approachesmentioning

confidence: 99%

Towards usefully secure email

Masone

Smith

2007

IEEE Technol. Soc. Mag.

View full text Add to dashboard Cite

Abstract-When users' mental models don't match the way the underlying systems work, problems can arise. For human-based security systems to be effective, we believe that is important to identify the tasks involved at which humans excel (and at which computers do not), and then design the system accordingly. To demonstrate this principle, we are building Attribute-Based, Usefully Secure Email (ABUSE), a system that leverages users by enabling them to build a decentralized, non-hierarchical PKI to express their trust relationships with each other, and then to use this PKI to manage their trust in people with whom they correspond via secure email. Our design puts humans into the system-to do things that humans are good at but machines are not-at both the creation of credentials as well as the interpretation of credentials. In this paper, we discuss why secure email is an interesting proving ground for our design ideas, set out the architecture of the system, and relate our early experiences in testing our user interface on real humans.

show abstract

Access control meets public key infrastructure, or: assigning roles to strangers

Abstract: server.We describe our implementation, which can be used as an extension of a web server or as a separate server with interface to applications.

Cited by 230 publications

References 4 publications

Social-Compliance in Trust Management within Virtual Communities

Social-Compliance in Trust Management within Virtual Communities

A Review of Trust Management, Security and Privacy Policy Languages

Towards usefully secure email

Contact Info

Product

Resources

About