Requirements of federated trust management for service-oriented architectures

  • Regular Contribution
International Journal of Information Security

Abstract

Trust management plays a critical role in smoothing collaboration among component services from different trust domains and in information sharing between trust domains. The federation of these component services places new demands on the management of trust-related behavior. Although many extant trust management systems deal with intra-domain trust behaviors, there is a growing need for effective strategies for managing inter-domain behaviors. In this paper we explore requirements for a federated trust management system from four aspects, and then examine a set of suitable criteria for evaluation of such a system. The purpose of this paper is not to suggest a complete set of evaluation metrics covering all necessary features; instead, its purpose is to initiate a discussion and to offer a context in which to evaluate current and future solutions, in order to encourage the development of proper models and systems for federated trust management.

Author information

Correspondence to Zhengping Wu.

About this article

Cite this article

Wu, Z., Weaver, A.C. Requirements of federated trust management for service-oriented architectures. Int. J. Inf. Secur. 6, 287–296 (2007). https://doi.org/10.1007/s10207-007-0027-9

  • DOI: https://doi.org/10.1007/s10207-007-0027-9
