Skip to main content
Springer Nature Link
Log in

Privacy-Preserving Trust Negotiations

  • Conference paper
Privacy Enhancing Technologies (PET 2004)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3424))

Included in the following conference series:

  • 1519 Accesses

Abstract

Trust negotiation is a promising approach for establishing trust in open systems, where sensitive interactions may often occur between entities with no prior knowledge of each other. Although several proposals today exist of systems for the management of trust negotiations none of them addresses in a comprehensive way the problem of privacy preservation. Privacy is today one of the major concerns of users exchanging information through the Web and thus we believe that trust negotiation systems must effectively address privacy issues to be widely acceptable. For these reasons, in this paper we investigate privacy in the context of trust negotiations. More precisely, we propose a set of privacy preserving features to be included in any trust negotiation system, such as the support for the P3P standard, as well as different formats to encode credentials.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Westin, A.F.: Privacy and Freedom, Atheneum, New York (1967)

    Google Scholar 

  2. Winsborough, W.H., Li, N.: Protecting sensitive attributes in automated trust negotiation. In: ACM Workshop on Privacy in the Electronic Society (2002)

    Google Scholar 

  3. Winslett, M., et al.: Negotiating Trust on The Web. IEEE Internet Computing 6(6), 30–37 (2002)

    Article  Google Scholar 

  4. Agraval, R., Kiernan, J., Srikant, R., Yu, X.: Implementing P3P using database technology. In: 19th International Conference on Data Engineering, Bangalore, India (2003)

    Google Scholar 

  5. Cranor, L., Langheirich, M., Marchiori, M.: The Platform for Privacy Preferences 1.0 (p3p1.0) specification, W3C Reccomandation (2002), http://www.w3.org/P3P/brochure.html

  6. Cranor, L., Langheirich, M., Marchiori, M.: A P3P Preference Exchange Language 1.0 (appel1.0) W3C Working Draft (2002)

    Google Scholar 

  7. Bonatti, P., Samarati, P.: Regulating Access Services and Information Release on the Web. In: 7th ACM Conference on Computer and Communications Security, Athens, Greece (2000)

    Google Scholar 

  8. Herzberg, A., Mihaeli, et al.: Access Control meets Public Key Infrastructure, or: Assigning Roles to Strangers. In: IEEE Symposium on Security and Privacy, Oakland, CA (2000)

    Google Scholar 

  9. Seamons, K.E., Winslett, M., Yu, T.: Limiting the disclosure of Access Control Policies during Automated Trust Negotiation. Network and Distributed System Security Simposium, San Diego, CA (2001)

    Google Scholar 

  10. Yu, T., Winslett, M.: A Unified Scheme for Resource protection in Automated Trust Negotiation. In: IEEE Symposium on Security and Privacy, Oakland, CA (2003)

    Google Scholar 

  11. Winsborough, W., Li, N.: Towards Practical Automated Trust Negotiation (2002)

    Google Scholar 

  12. Bertino, E., Ferrari, E., Squicciarini, A.: Trust-X - a Peer to Peer Framework for Trust Establishment. In: IEEE TKDE, Transactions on Knowledge and Data Engineering (2004) (to appear)

    Google Scholar 

  13. Seamons, K.E., Winslett, M., Yu, T.: Protecting privacy during on line trust negotiation. In: 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA (2002)

    Google Scholar 

  14. Brands, S.: Rethinking Public Key Infrastructure and Digital Credentials. MIT Press, Cambridge (2000)

    Google Scholar 

  15. Herzberg, A., Mass, Y.: Relying Party Credentials Framework. In: RSA Conference, San Francisco, CA (2001)

    Google Scholar 

  16. Bertino, E., Ferrari, E., Squicciarini, A.: X-TNL - an XML based language for trust negotiations. In: Fourth IEEE International Workshop on Policies for Distributed Systems and Networks, Como, Italy (2003)

    Google Scholar 

  17. Naor, M.: Bit commitment using pseudorandomness. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 128–136. Springer, Heidelberg (1990)

    Google Scholar 

  18. Persiano, P., Visconti, I.: User Privacy Issues Regarding Certificates and the TLS Protocol. In: Proceedings of the ACM Conference on Computer and Communication Security, Athens, Greece (2000)

    Google Scholar 

  19. Jarvis, R.: Selective disclosure of credential content during trust negotiation, Master of Science Thesis, Brigham Young University, Provo, Utah (2003)

    Google Scholar 

  20. World Wide Web Consortium: Extensible markup language (xml) 1.0 (1998), Available at, http://www.w3.org/TR/REC-xml

  21. World Wide Web Consortium (Uniform resource identifiers, naming and addressing: Uris, urls, ...) Available at, http://www.w3.org/addressing

  22. Agraval, R., Kiernan, J., Srikant, R., Xu, Y.: An X-Path based preference language for P3P. In: Twelfth International World Wide Web Conference, Budapest, Hungary (2003)

    Google Scholar 

  23. World Wide Web Consortium (References for p3p implementation) Available at, http://www.w3.org/P3P/implementations

  24. IBM: (Ibm tivoli privacy wizard) Available at, http://www.tivoli.resource_center/maximize/privacy/wizard_code.html

    Google Scholar 

  25. Center, J.J.R.: Jrc p3p resource centre (2002), Available at, http://p3p.jrc.it

  26. World Wide Web Consortium: P3p- the Platform for Privacy Preferences, version 1.1 (2003), Available at, http://www.w3.org/P3P/1.1/

  27. World Wide Web Consortium: Xsl transformations (xslt). version 1.0 w3c recommendation (1999), Available at, http://www.w3.org/TR/xslt

Download references

Author information

Authors and Affiliations

  1. CERIAS and Computer Science Department, Purdue University, West Lafayette, IN, USA

    E. Bertino

  2. Dipartimento di Scienze della Cultura, Politiche e Informazione, Universitá degli Studi dell’Insubria, Como

    E. Ferrari

  3. Dipartimento di Informatica e Comunicazione, Universitá degli Studi di Milano, Milano

    A. C. Squicciarini

Authors
  1. E. Bertino
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. E. Ferrari
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. A. C. Squicciarini
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Artificial Intelligence Center, SRI International,  

    David Martin

  2. The Free Haven Project,  

    Andrei Serjantov

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bertino, E., Ferrari, E., Squicciarini, A.C. (2005). Privacy-Preserving Trust Negotiations. In: Martin, D., Serjantov, A. (eds) Privacy Enhancing Technologies. PET 2004. Lecture Notes in Computer Science, vol 3424. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11423409_18

Download citation

  • DOI: https://doi.org/10.1007/11423409_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26203-9

  • Online ISBN: 978-3-540-31960-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics