
Context-aware trust negotiation in peer-to-peer service collaborations

Peer-to-Peer Networking and Applications

Abstract

Service-oriented architecture (SOA) and Software as a Service (SaaS) are current hot topics in software manufacturing and delivery, and attempt to provide a dynamic cross-organisational business integration solution. In a dynamic cross-organisational collaboration environment, the services involved in a business process are generally provided by different organisations and lack the support of common security mechanisms and centralized management middleware. In such cases, services may have to provide middleware functionality and achieve business objectives in a pure peer-to-peer fashion. Because the participating services in a business process may be selected and combined at run time, a participating service may have to collaborate with multiple participating services about which it has no prior knowledge. This introduces new challenges for traditional trust management mechanisms. Automated Trust Negotiation (ATN) is a practical approach that helps to establish a mutual trust relationship, in a peer-to-peer way, between collaborating principals that may have no pre-existing knowledge of each other. Because credentials often contain sensitive attributes, ATN defines an iterative and bilateral negotiation process for credential exchange and specifies security policies that regulate the disclosure of sensitive credentials. Credential disclosure in the iterative process may follow different orders and combinations, each of which forms a credential chain. It is practically desirable to identify the optimal credential chain that satisfies certain objectives, such as minimum release of sensitive information and minimum performance penalty. In this paper we present a heuristic and context-aware algorithm for identifying the optimal chain that uses context-related knowledge to minimize 1) the release of sensitive information, including both credentials and policies, and 2) the cost of credential retrieval. Moreover, our solution offers a hierarchical method for protecting sensitive policies and provides a risk-based strategy for handling credential circular dependency. We have implemented the ATN mechanisms based on our algorithm and incorporated them into the CROWN Grid middleware. Experimental results demonstrate their performance-related advantages over other existing solutions.
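To make the credential-chain idea in the abstract concrete, here is an added illustration that is not the paper's algorithm or code: a plain uniform-cost search over disclosure states that returns the chain with the lowest total sensitivity, and `None` when circular policies leave no safe chain. The credential names, sensitivity scores and policies are constructed, and retrieval cost and policy sensitivity are not modelled.

```python
import heapq
from itertools import count

# Constructed policies: credential -> (sensitivity, alternatives). Each
# alternative is a set of counterpart credentials that must already be
# disclosed; an empty set means the credential is freely disclosable.
POLICIES = {
    "s.resource":     (0, [{"c.employee_id"}, {"c.credit_card", "c.member"}]),
    "s.bbb_cert":     (1, [set()]),
    "s.privacy_seal": (2, [set()]),
    "c.member":       (1, [set()]),
    "c.employee_id":  (9, [{"s.bbb_cert"}]),
    "c.credit_card":  (3, [{"s.bbb_cert", "s.privacy_seal"}]),
}

# Constructed circular dependency: each side waits for the other to go first.
DEADLOCK = {
    "s.resource": (0, [{"c.id"}]),
    "c.id":       (5, [{"s.license"}]),
    "s.license":  (2, [{"c.id"}]),
}

def unlocked(cred, disclosed, policies):
    """A credential may be released once any one alternative is satisfied."""
    return any(alt <= disclosed for alt in policies[cred][1])

def cheapest_chain(target, policies):
    """Return (total sensitivity, disclosure order) or None if no chain exists."""
    tie = count()  # tie-breaker so the heap never compares sets or lists
    frontier = [(0, next(tie), frozenset(), [])]
    seen = set()
    while frontier:
        cost, _, disclosed, chain = heapq.heappop(frontier)
        if target in disclosed:
            return cost, chain
        if disclosed in seen:
            continue
        seen.add(disclosed)
        for cred, (sensitivity, _) in policies.items():
            if cred not in disclosed and unlocked(cred, disclosed, policies):
                heapq.heappush(frontier, (cost + sensitivity, next(tie),
                                          disclosed | {cred}, chain + [cred]))
    return None  # nothing left to disclose safely: circular dependency

if __name__ == "__main__":
    print(cheapest_chain("s.resource", POLICIES))
    print(cheapest_chain("s.resource", DEADLOCK))
```

With the constructed scores, the search prefers the longer chain through the credit card and membership credentials because releasing the employee ID alone is more sensitive than both together.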



Acknowledgment

This work is partially supported by grants from China 863 High-tech Program (No. 2007AA01Z426, 2007AA01Z120, 2007AA010301), China 973 Fundamental R&D Program (No. 2005CB321803) and National Natural Science Funds for Distinguished Young Scholar (No. 60525209), and National Natural Science Foundation of China and the Research Grants Council of Hong Kong Joint Research Scheme (No.60731160632).


Corresponding author

Correspondence to Jianxin Li.


About this article

Cite this article

Li, J., Zhang, D., Huai, J. et al. Context-aware trust negotiation in peer-to-peer service collaborations. Peer-to-Peer Netw. Appl. 2, 164–177 (2009). https://doi.org/10.1007/s12083-009-0029-7


  • DOI: https://doi.org/10.1007/s12083-009-0029-7
