Skip to main content
SpringerLink
Log in

A trust negotiation system for digital library Web services

  • Regular contribution
  • Published:
International Journal on Digital Libraries Aims and scope Submit manuscript

Abstract

A scalable approach to trust negotiation is required in digital library (DL) environments that have large and dynamic user populations. In this paper we introduce Trust-Serv, a model-driven trust negotiation framework for Web services, and show how it can be used to effectively handle trust negotiation in DLs. The framework employs a model for trust negotiation based on state machines, extended with security abstractions. High-level specifications expressed with the state-machine-based model are then translated into formats suitable for automating the trust negotiation process. The proposed framework also supports negotiation policy lifecycle management, an important trait in the dynamic environments that characterize DLs. In particular, we present a set of policy change operations that enable the dynamic evolution of negotiation policies without disrupting ongoing negotiations. The proposed approach has been implemented as a container-centric mechanism that is transparent to the DL and to the developers of DL Web services, simplifying DL development and management as well as enabling scalable deployments.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Adam NR, Atluri V, Bertino E, Ferrari E (2002) A content-based authorization model for digital libraries. IEEE Trans Knowl Data Eng 14:296–315

    Article  Google Scholar 

  2. Benatallah B, Sheng QZ, Dumas M (2003) The Self-Serv environment for Web services composition. IEEE Internet Comput 7:40–48

    Article  Google Scholar 

  3. Bertino E, Castano S, Ferrari E (2001) On specifying security policies for Web documents with an XML-based language. In: Proc. 6th ACM symposium on access control models and technologies (SACMAT’01), Chantilly, VA. ACM Press, New York, pp 57–65

  4. Bertino E, Ferrari E, Atluri V (2002) The specification and enforcement of authorization constraints in workflow management systems. ACM Trans Inf Syst Secur 2:65–104

    Article  Google Scholar 

  5. Bertino E, Ferrari E, Squicciarini AC (2003) χ-TNL: An XML-based language for trust negotiations. In: Proc. 4th international workshop on policies for distributed systems and networks (POLICY’03), Como, Italy

  6. Bettini C, Jajodia S, Wang XS, Wijesekera D (2002) Obligation monitoring in policy management. In: Proc. 3rd international workshop on policies for distributed systems and networks (POLICY’02), Monterey, CA. IEEE Press, Los Alamitos, CA, pp 2–12

  7. Bettini C, Jajodia S, Wang XS, Wijesekera D (2002) Provisions and obligations in policy management and security applications. In: Proc. 28th conference on very large data bases (VLDB’02), Hong Kong. Morgan Kaufmann, San Francisco, pp 502–513

  8. Blaze M, Feigenbaum J, Ioannidis J, Keromytis A (1999) The KeyNote trust-management system. Internet Engineering Task Force RFC 2704. www.rfc-editor.org/rfc/rfc2704.txt

  9. Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: Proc. IEEE symposium on security and privacy, Oakland, CA. IEEE Press, Los Alamitos, CA, pp 164–173

  10. Bonatti P, Samarati P (2002) A unified framework for regulating access and information release on the Web. J Comput Secur 10:241–272

    Article  Google Scholar 

  11. Casati F, Ceri S, Pernici B, Pozzi G (1998) Workflow evolution. Data Knowl Eng 24:211–238

    Article  MATH  Google Scholar 

  12. Casati F, Shan E, Dayal U, Shan MC (2003) Business-oriented management of Web services. Commun ACM 46:55–60

    Article  Google Scholar 

  13. Chinnici R, Gudgin M, Moreau JJ, Weerawarana S (2003) Web Service Description Language (WSDL). W3C Working Draft. www.w3.org/TR/wsdl12

  14. Clark J, DeRose S (eds) (1999) XML Path Language (XPath) version 1.0. W3C Recommendation. www.w3.org/TR/xpath

  15. Curbera F, Duftler M, Khalaf R, Nagy W, Mukhi N, Weerawarana S (2002) Unraveling the Web services web: an introduction to SOAP, WSDL, and UDDI. IEEE Internet Comput 6:86–93

  16. Curbera F, Khalaf R, Mukhi N, Tai S, Weerawarana S (2003) The next step in Web services. Commun ACM 46:29–34

    Article  Google Scholar 

  17. Ellison C, Frantz B, Lampson B, Rivest R, Thomas B, Ylonen T (1999) SPKI certificate theory. Internet Eng. Task Force RFC 2693. www.rfc-editor.org/rfc/rfc2693.txt

  18. Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R (2001) Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur 4:224–274

    Article  Google Scholar 

  19. Ford W, Hallam-Baker P, Fox B, Dillaway B, LaMacchia B, Epstein J, Lapp J (2001) XML Key Management Specification (XKMS). W3C Note. www.w3.org/TR/xkms

  20. Grandison T, Sloman M (2000) A survey of trust in Internet applications. IEEE Commun Surv Tutorials 3:2–16

    Article  Google Scholar 

  21. Gudgin M, Hadley M, Mendelsohn N, Moreau JJ, Nielsen HF (eds) (2003) SOAP version 1.2. W3C Recommendation. www.w3.org/TR/SOAP

  22. Herzberg A, Mass Y, Mihaeli J, Naor D, Ravid Y (2000) Access control meets public key infrastructure, or: assigning roles to strangers. In: Proc. IEEE symposium on security and privacy, Berkeley, CA. IEEE Press, Los Alamitos, CA, pp 2–14

  23. Housley R, Ford W, Polk W, Solo D (1999) Internet X.509 public key infrastructure certificate and CRL profile. Internet Engineering Task Force RFC 2459. www.rfc-editor.org/rfc/rfc2459.txt

  24. IBM (2003) Emerging Technologies Toolkit (ETTK). www.alphaworks.ibm.com/tech/ettk

  25. Li N, Mitchell JC (2003) RT: A Role-based trust-management framework. In: Proc. 3rd DARPA conference and exposition on information survivability (DISCEX’03), Washington, DC. IEEE Press, Los Alamitos, CA, 1:201–212

  26. Li N, Mitchell JC, Winsborough WH (2002) Design of a role-based trust-management framework. In: Proc. IEEE symposium on security and privacy, Berkeley, CA. IEEE Press, Los Alamitos, CA, pp 104–120

  27. Liu CT, Chang SK, Chrysanthis PK (1994) Database schema evolution using EVER diagrams. In: Proc. ACM workshop on advanced visual interfaces (AVI’94), Bari, Italy. ACM Press, New York, pp 123–132

  28. Maler E, Mishra P, Philpott R (eds) (2003) Security Assertion Markup Language (SAML). OASIS. www.oasis-open.org/committees/security

  29. Malik T, Szalay AS, Budawari T, Thakar AR (2003) SkyQuery: a Web service approach to federate databases. In: Proc. conference on innovative data systems research (CIDR’03), Asilomar, CA. www-db.cs.wisc.edu/cidr/program/p17.pdf

  30. Papazoglou MP, Georgakopoulos D (2003) Service-oriented computing. Commun ACM 46:25–28

    Article  Google Scholar 

  31. Ray I, Xin T (2003) Concurrent and real-time update of access control policies. In: Proc. 14th international on workshop database and expert systems applications (DEXA’03), Prague, Czech Republic. Lecture notes in computer science, vol 2736. Springer, Berlin Heidelberg New York, pp 330–339

  32. Rees J, Bandyopadhyay S, Spafford EH (2003) PFIRES: A policy framework for information security. Commun ACM 46:101–106

    Article  Google Scholar 

  33. Sandhu RS, Samarati P (1994) Access control: principles and practice. IEEE Commun Mag 32:40–48

    Article  Google Scholar 

  34. Seamons KE, Winslett M, Yu T (2001) Limiting the disclosure of sensitive access control policies during automated trust negotiation. In: Proc. symposium on network and distributed systems security (NDSS’01), San Diego, ISOC, Reston, VA

  35. Skogsrud H, Benatallah B, Casati F (2003) Model-driven trust negotiation for Web services. IEEE Internet Comput 7:45–52

    Article  Google Scholar 

  36. Thatte S (ed) (2003) Business Process Execution Language for Web services (BPEL4WS). www-106.ibm.com/developerworks/library/ws-bpel

  37. Thomas D, Hunt A (2002) State machines. IEEE Softw 19:10–12

    Article  Google Scholar 

  38. UDDI.org (2003) Universal Description, Discovery, And Integration. www.uddi.org

  39. VeriSign (2003) Trust Services Integration Kit (TSIK). (www.xmltrustcenter.org/developer/verisign/tsik) (current April 2003)

  40. W3C (2003) Extensible Markup Language (XML). www.w3.org/XML

  41. Winslett M, Yu T, Seamons KE, Hess A, Jacobson J, Jarvis R, Smith B, Yu L (2002) Negotiating trust on the Web. IEEE Internet Comput 6:30–37

    Article  Google Scholar 

  42. Yu T, Winslett M (2003) A unified scheme for resource protection in automated trust negotiation. In: Proc. IEEE symposium on security and privacy, Berkeley, CA. IEEE Press, Los Alamitos, CA, pp 110–122

  43. Yu T, Winslett M, Seamons KE (2003) Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans Inf Syst Secur 6:1–42

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Engineering, University of New South Wales, Sydney, NSW, 2052, Australia

    Halvard Skogsrud & Boualem Benatallah

  2. Hewlett-Packard Laboratories, Palo Alto, CA, 94304, USA

    Fabio Casati

Authors
  1. Halvard Skogsrud
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Boualem Benatallah
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fabio Casati
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Halvard Skogsrud.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Skogsrud, H., Benatallah, B. & Casati, F. A trust negotiation system for digital library Web services. Int J Digit Libr 4, 185–207 (2004). https://doi.org/10.1007/s00799-004-0083-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00799-004-0083-y

Keywords

Search

Navigation