We address the problem of authorization in large-scale, open...

We propose a formal model of trust informed by the Global Computing scenario and focusing on the aspects of trust formation, evolution, and propagation. The model is based on a novel notion of trust structures which, building on concepts from trust management and domain theory, feature at the same time a trust and an information partial order.

In this paper, trust-based recommendations control the exchange of personal information between handheld computers. Combined with explicit risk analysis, this enables unobtrusive information exchange, while limiting access to confidential information. This is illustrated with applications such as personal address books and electronic diaries. Recommendations associate categories with data and with each other, with degrees of trust belief and disbelief. Since categories also in turn confer privileges and restrict actions, they are analogous to roles in a Role-Based Access Control system, while principals represent their trust policies in recommendations. Participants first compute their trust in information, by combining their own trust assumptions with others' policies. Actions are then moderated by a risk assessment, which weighs up costs and benefits, including the cost of the user's time, before deciding whether to allow or forbid the information exchange, or ask for help. By unifying trust assessments and access control, participants can take calculated risks to automatically yet safely share their personal information.

Abstract Business Processes for Web Services (BPEL4WS) are the new paradigms for lightweight enterprise integration. They cross organizational boundaries and are provided by entities that see each other just as business partners. Web services require shift in the access control mechanism: from identity-based access control to trust management and negotiation, but this is not enough for cross organizational business processes. For many businesses no partner may guess a priori what kind of credentials will be sent by clients and clients may not know a priori which credentials are required for completing a business process. We propose a logical framework for reasoning about access control for BPEL4WS and a BPEL4WS based implementation using Collaxa server. Our model is based on interaction and exchange of requests for supplying or declining missing credentials. We identify the formal reasoning services (deduction, abduction, consistency checking) that characterise the problem and discuss their implementation.

Business Processes for Web Services are the new paradigm for the lightweight integration of business from different enterprises. Whereas the security and access control policies for basic web services and distributed systems are well studied and almost standardized, there is not yet a comprehensive proposal for an access control architecture for business processes. The major difference is that business process describe complex services that cross organizational boundaries and are provided by entities that sees each other as just partners and nothing else. This calls for a number of differences with traditional aspects of access control architectures such as • credential vs classical user-based access control, • interactive and partner-based vs one-server-gathers-all requests of credentials from clients, • controlled disclosure of information vs all-or-nothing access control decisions, • abducing missing credentials for fulfilling requests vs deducing entailment of valid requests from credentials in formal models, • “source-code ” authorization processes vs data describing policies for communicating policies or for orchestrating the work of authorization servers. Looking at the access control field we find good approximation of most components but not their synthesis into one access control architecture for business processes for web services, which is the contribution of this paper. ∗ This work is partially funded by the IST programme of

Pervasive computing requires some level of trust to be established between entities. In this paper we argue for an entity recognition based approach to building this trust which di#ers from starting from more traditional authentication methods. We also argue for the concept of a "pluggable" recognition module which allows di#erent recognition schemes to be used in di#erent circumstances. Finally, we propose that the trust in the underlying infrastructure has to be taken into account when considering end-to-end trust.

Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent BRICS Report Series publications. Copies may be obtained by contacting: BRICS

SPKI/SDSI is a framework for expressing naming and authorization issues arising in...

This article is a literature survey on trust theory, the relationship between trust and security and distribution of trust in networks, especially in distributed and open networks. The article is divided into three sections: trust theory, security principles and trust distribution. The trust theory section looks at the theoretical aspects of trust and shows some of the methods researchers use to quantify trust. The security theory section explains the fundamentals of security and tries to establish a relationship between security and trust. This section also attempts to highlight the significance of trust in distributed network security. The final section considers ad hoc networks as one of the latest paradigms in wireless networking and looks at some proposals and initiatives aimed at establishing trust distribution in ad hoc networks.

Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. By allowing providers to specify policy, and access requesters to possess certain access rights, trust management automates the process of determining whether access should be allowed on the basis of policy, rights, and an authorization semantics. In this paper we survey modern stateof-the-art in trust management authorization, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. We characterize systems in light of a generic structure that takes into account components of practical implementations. We emphasize systems that have a formal foundation, since security properties of them can be rigorously guaranteed. Underlying formalisms are reviewed to provide necessary background.