Relying Party Credentials Framework

Herzberg, Amir; Mass, Yosi

doi:10.1023/b:elec.0000009280.90875.05

Cited by 6 publications

(2 citation statements)

References 20 publications

(18 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As the theory must precede the implementation, many of the results reported in this paper are not yet included in the TrustBuilder prototypes. The current implementations utilize the IBM Trust Establishment (TE) system [Herzberg et al 2000;Herzberg and Mass 2001] to create X.509v3 certificates. Attributes associated with credential owners are stored in user-defined extensions of X.509v3 certificates.…”

Section: Summary and Future Workmentioning

confidence: 99%

Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

Winslett

Seamons

2003

ACM Trans. Inf. Syst. Secur.

246

173

View full text Add to dashboard Cite

Business and military partners, companies and their customers, and other closely cooperating parties may have a compelling need to conduct sensitive interactions on line, such as accessing each other's local services and other local resources. Automated trust negotiation is an approach to establishing trust between parties so that such interactions can take place, through the use of access control policies that specify what combinations of digital credentials a stranger must disclose to gain access to a local resource. A party can use many different strategies to negotiate trust, offering tradeoffs between the length of the negotiation, the amount of extraneous information disclosed, and the computational effort expended. To preserve parties' autonomy, each party should ideally be able to choose its negotiation strategy independently, while still being guaranteed that negotiations will succeed whenever possible-that the two parties' strategies will interoperate. In this paper we provide the formal underpinnings for that goal, by formalizing the concepts of negotiation protocols, strategies, and interoperation. We show how to model the information flow of a negotiation for use in analyzing strategy interoperation. We also present two large sets of strategies whose members all interoperate with one another, and show that these sets contain many practical strategies. We develop the theory for black-box propositional credentials as well as credentials with internal structure, and for access control policies whose contents are (respectively are not) sensitive. We also discuss how these results fit into TrustBuilder, our prototype system for trust negotiation.

show abstract

Section: Summary and Future Workmentioning

confidence: 99%

Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

Winslett

Seamons

2003

ACM Trans. Inf. Syst. Secur.

246

173

View full text Add to dashboard Cite

show abstract

“…Other related work is the work on credential specification for stranger parties. In particular, the work by IBM on Trust Policy Language (TPL) [Herzberg and Mass 2001] is devoted to the enforcement of an XML-based framework for specifying and managing role-based access control in a distributed context. This framework has been extended for mapping subject certificates to a role, based on policies defined by the owner of the resource and on the roles of the issuers of the certificates [Herzberg et al 2000].…”

Section: Related Workmentioning

confidence: 99%

Secure and selective dissemination of XML documents

Bertino

Ferrari

2002

ACM Trans. Inf. Syst. Secur.

261

219

View full text Add to dashboard Cite

XML (eXtensible Markup Language) has emerged as a prevalent standard for document representation and exchange on the Web. It is often the case that XML documents contain information of different sensitivity degrees that must be selectively shared by (possibly large) user communities. There is thus the need for models and mechanisms enabling the specification and enforcement of access control policies for XML documents. Mechanisms are also required enabling a secure and selective dissemination of documents to users, according to the authorizations that these users have. In this article, we make several contributions to the problem of secure and selective dissemination of XML documents. First, we define a formal model of access control policies for XML documents. Policies that can be defined in our model take into account both user profiles, and document contents and structures. We also propose an approach, based on an extension of the Cryptolope TM approach [Gladney and Lotspiech 1997], which essentially allows one to send the same document to all users, and yet to enforce the stated access control policies. Our approach consists of encrypting different portions of the same document according to different encryption keys, and selectively distributing these keys to the various users according to the access control policies. We show that the number of encryption keys that have to be generated under our approach is minimal and we present an architecture to support document distribution.

show abstract

Mediator-Free Secure Policy Interoperation of Exclusively-Trusted Multiple Domains

Wang

Feng

et al.

Information Security Practice and Experience

View full text Add to dashboard Cite

Relying Party Credentials Framework

Cited by 6 publications

References 20 publications

Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

Secure and selective dissemination of XML documents

Mediator-Free Secure Policy Interoperation of Exclusively-Trusted Multiple Domains

Contact Info

Product

Resources

About