DOI: 10.1145/1167253.1167304

Token-based dynamic trust establishment for web services

Published: 18 March 2005

Abstract

Despite recent advances in trust relationship control mechanisms, issues remain that impede the development of effective trust models. One of these is the lack of dynamic mechanisms that can simultaneously achieve both privacy and efficiency when establishing a new trust relationship. Current techniques encourage the client to reveal more attributes than may be required by the web service (resulting in a lack of privacy) or else engage in negotiation with the web service to discover and then serially provide the claims required (resulting in a lack of efficiency). We propose a method whereby the client discovers the web service's requirements from the service's policy document, then formulates a single trust primitive by associating a set of client attributes with an identifier, all signed with the token holder's digital signature. This technique allows the client to form trust relationships dynamically and efficiently. Client privacy is preserved because only those attributes required to access the web service are revealed.


Cited By

  • (2009) Towards security in decentralized workflows. 2009 International Conference on Ultra Modern Telecommunications & Workshops, pp. 1-6. DOI: 10.1109/ICUMT.2009.5345606. Online publication date: Oct-2009

Published In

ACMSE '05 vol 2: Proceedings of the 43rd annual ACM Southeast Conference - Volume 2
March 2005
430 pages
ISBN: 1595930590
DOI: 10.1145/1167253
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. dynamic trust establishment
2. privacy
3. security token
4. web service

Conference

ACM SE05: ACM Southeast Regional Conference 2005
March 18 - 20, 2005
Georgia, Kennesaw

Acceptance Rates

Overall Acceptance Rate 502 of 1,023 submissions, 49%
