Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form
D-Scholarship @ Pitt Banner and Links to Homepage

The traust authorization Service

Lee, AJ and Winslett, M and Basney, J and Welch, V (2008) The traust authorization Service. ACM Transactions on Information and System Security, 11 (1). ISSN 1094-9224

[img] Plain Text (licence)
Available under License : See the attached license file.
Download (1kB)

Abstract

In recent years, trust negotiation has been proposed as a novel authorization solution for use in open-system environments, in which resources are shared across organizational boundaries. Researchers have shown that trust negotiation is indeed a viable solution for these environments by developing a number of policy languages and strategies for trust negotiation that have desirable theoretical properties. Further, existing protocols, such as TLS, have been altered to interact with prototype trust negotiation systems, thereby illustrating the utility of trust negotiation. Unfortunately, modifying existing protocols is often a time-consuming and bureaucratic process that can hinder the adoption of this promising technology. In this paper, we present Traust, a third-party authorization service that leverages the strengths of existing prototype trust negotiation systems. Traust acts as an authorization broker that issues access tokens for resources in an open system after entities use trust negotiation to satisfy the appropriate resource access policies. The Traust architecture was designed to allow Traust to be integrated either directly with newer trust-aware applications or indirectly with existing legacy applications; this flexibility paves the way for the incremental adoption of trust negotiation technologies without requiring widespread software or protocol upgrades. We discuss the design and implementation of Traust, the communication protocol used by the Traust system, and its performance. We also discuss our experiences using Traust to broker access to legacy resources, our proposal for a Traust-aware version of the GridFTP protocol, and Traust's resilience to attack. © 2008 ACM.

Share

Citation/Export:
Social Networking:
Share |

Details

Item Type: Article
Status: Published
Creators/Authors:
CreatorsEmailPitt UsernameORCID
Lee, AJadamlee@pitt.eduADAMLEE
Winslett, M
Basney, J
Welch, V
Date: 1 February 2008
Date Type: Publication
Journal or Publication Title: ACM Transactions on Information and System Security
Volume: 11
Number: 1
DOI or Unique Handle: 10.1145/1330295.1330297
Schools and Programs: Dietrich School of Arts and Sciences > Computer Science
Refereed: Yes
ISSN: 1094-9224
Date Deposited: 16 Nov 2012 21:28
Last Modified: 02 Feb 2019 16:56
URI: http://d-scholarship.pitt.edu/id/eprint/16453

Metrics

Monthly Views for the past 3 years

Plum Analytics

Altmetric.com

Actions (login required)

View Item View Item