This Article 
 Bibliographic References 
 Add to: 
Modeling Trust Negotiation for Web Services
February 2009 (vol. 42 no. 2)
pp. 54-61
Halvard Skogsrud, ThoughtWorks
Hamid R. Motahari-Nezhad, University of New South Wales
Boualem Benatallah, University of New South Wales
Fabio Casati, University of Trento
As Web services become more widely adopted, developers must cope with the complexity of evolving trust negotiation policies spanning numerous autonomous services. The Trust-Serv framework uses a state-machine-based modeling approach that supports life-cycle policy management and automated enforcement.

1. A. Herzberg et al., "Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers," Proc. 2000 IEEE Symp. Security and Privacy (SP 00), IEEE CS Press, 2000, pp. 2-14.
2. T. Grandison and M. Sloman, "A Survey of Trust in Internet Applications," IEEE Comm. Surveys &Tutorials, Oct. 2000, pp. 2-16.
3. E. Bertino, E. Ferrari, and A.C. Squicciarini, "Trust-X: A Peer-to-Peer Framework for Trust Establishment," IEEE Trans. Knowledge and Data Sharing, July 2004, pp. 827-842.
4. T. Yu, M. Winslett, and K.E. Seamons, "Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation," ACM Trans. Information and System Security, Feb. 2003, pp. 1-42.
5. M. Winslett et al., "Negotiating Trust on the Web," IEEE Internet Computing, Nov./Dec. 2002, pp. 30-37.
6. K.E. Seamons, M. Winslett, and T. Yu, "Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation," Proc. 2001 Network and Distributed System Security Symp. (NDSS 01), Internet Society, 2001; seamons.pdf.
7. H. Skogsrud, B. Benatallah, and F. Casati, "Trust-Serv: Model-Driven Lifecycle Management of Trust Negotiation Policies for Web Services," Proc. 13th Int'l Conf. World Wide Web (WWW 04), ACM Press, 2004, pp. 53-62.
8. E. Bertino, E. Ferrari, and A.C. Squicciarini, "Privacy-Preserving Trust Negotiations," Privacy Enhancing Technologies, LNCS 3424, Springer, 2004, pp. 283-301.
9. H. Skogsrud, B. Benatallah, and F. Casati, "Model-Driven Trust Negotiation for Web Services," IEEE Internet Computing, Nov./Dec. 2003, pp. 42-52.
10. H. Skogsrud et al., "Managing Impacts of Security Protocol Changes in Service-Oriented Applications," Proc. 29th Int'l Conf. Software Engineering (ICSE 07), IEEE CS Press, 2007, pp. 468-477.
11. D.F. Ferraiolo et al., "Proposed NIST Standard for Role-Based Access Control," ACM Trans. Information and System Security, Aug. 2001, pp. 224-274.
12. H. Skogsrud et al., "Trust-Serv: A Lightweight Trust Negotiation Service," Proc. 30th Int'l Conf. Very Large Databases (VLDB 04), VLDB Endowment, 2004, pp. 1329-1332.
13. J. Rees et al., "PFIRES: A Policy Framework for Information Security," Comm. ACM, July 2003, pp. 101-106.
14. D. Basin, J. Doser, and T. Lodderstedt, "Model Driven Security: From UML Models to Access Control Infrastructures," ACM Trans. Software Eng. and Methodology, Jan. 2006, pp. 39-91.

Index Terms:
security, privacy, trust negotiation, Web services, software engineering, trust management
Halvard Skogsrud, Hamid R. Motahari-Nezhad, Boualem Benatallah, Fabio Casati, "Modeling Trust Negotiation for Web Services," Computer, vol. 42, no. 2, pp. 54-61, Feb. 2009, doi:10.1109/MC.2009.56
Usage of this product signifies your acceptance of the Terms of Use.