Web services are a powerful distributed computing abstraction in that they enable users to develop workflows that incorporate data and information processing services located in multiple organizational domains. Fully realizing the potential of this computing paradigm requires a flexible authorization mechanism that can function correctly without a priori knowledge of the users in the system. Trust negotiation has been proposed as a viable solution to this problem, but doing so within the framework provided by existing web services standards remains an unsolved problem. In this paper, we show how existing web services standards can be extended to enable fully standards-compliant support for trust negotiation. We also show that it is possible to compile trust negotiation policies specified using the WS-SecurityPolicy standard into a representation that is suitable for analysis by CLOUSEAU, a highly-efficient trust negotiation policy compliance checker. Lastly, we show that the TrustBuilder2 framework for trust negotiation can be parameterized to act as a trust engine that can be used by the WS-Trust standard to facilitate these negotiations.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Lee, A.J., Winslett, M. (2008). Towards Standards-Compliant Trust Negotiation for Web Services. In: Karabulut, Y., Mitchell, J., Herrmann, P., Jensen, C.D. (eds) Trust Management II. IFIPTM 2008. IFIP – The International Federation for Information Processing, vol 263. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09428-1_20
DOI: https://doi.org/10.1007/978-0-387-09428-1_20
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09427-4
Online ISBN: 978-0-387-09428-1
eBook Packages: Computer Science (R0)