This Article 
 Bibliographic References 
 Add to: 
Trust-X: A Peer-to-Peer Framework for Trust Establishment
July 2004 (vol. 16 no. 7)
pp. 827-842

Abstract—In this paper, we present {\rm{Trust}}{\hbox{-}}{\cal{X}}, a comprehensive XML-based [12] framework for trust negotiations, specifically conceived for a peer-to-peer environment. Trust negotiation is a promising approach for establishing trust in open systems like the Internet, where sensitive interactions may often occur between entities at first contact, with no prior knowledge of each other. The framework we propose takes into account all aspects related to negotiations, from the specification of the profiles and policies of the involved parties to the selection of the best strategy to succeed in the negotiation. {\rm{Trust}}{\hbox{-}}{\cal{X}} presents a number of innovative features, such as the support for protection of sensitive policies, the use of trust tickets to speed up the negotiation, and the support of different strategies to carry on a negotiation. In this paper, besides presenting the language to encode security information, we present the system architecture and algorithms according to which negotiations can take place.

[1] E. Bertino, E. Ferrari, and A. Squicciarini, ${\cal{X}}{\hbox{-}}{\rm{TNL}}$ An XML Based Language for Trust Negotiations Proc. Fourth IEEE Int'l Workshop Policies for Distributed Systems and Networks, June 2003.
[2] M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis, The KeyNote Trust-Management System RFC 2704, Sept. 1999.
[3] P. Bonatti and P. Samarati, Regulating Access Services and Information Release on the Web Proc. Seventh ACM Conf. Computer and Comm. Security, Nov. 2000.
[4] A. Herzberg et al., "Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, Los Alamitos, Calif., 2000, pp. 2-14.
[5] K.E. Seamons et al., "Requirements for Policy Languages for Trust Negotiation," Proc. 3rd Int'l Workshop Policies for Distributed Systems and Networks (POLICY 02), IEEE CS Press, Los Alamitos, Calif., 2002, pp. 68-79.
[6] K.E. Seamons, M. Winslett, and T. Yu, Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation Proc. Network and Distributed System Security Symp., Feb. 2001.
[7] W. Stallings, Cryptography and Network Security: Principles and Practice, second ed. Prentice Hall, 1999.
[8] Y. Stanley et al., An Internet-Based Negotiation Server for E-Commerce Very LArge Data Bases J., vol. 10, no. 1, pp. 72-90, 2001.
[9] T. Yu, M. Winslett, and K.E. Seamons, Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation ACM Trans. Information and System Security, vol. 6, no. 1, Feb. 2003.
[10] World Wide Web Consortium, The Platform for Privacy Preferences (P3P) 1.0, available at, 2002.
[11] W.H. Winsborough and N. Li, Protecting Sensitive Attributes in Automated Trust Negotiation Proc. ACM Workshop Privacy in the Electronic Soc., Nov. 2002.
[12] World Wide Web Consortium, available athttp:/, 1998.

Index Terms:
Security and protection, access controls, and trust negotiation.
Elisa Bertino, Elena Ferrari, Anna Cinzia Squicciarini, "Trust-X: A Peer-to-Peer Framework for Trust Establishment," IEEE Transactions on Knowledge and Data Engineering, vol. 16, no. 7, pp. 827-842, July 2004, doi:10.1109/TKDE.2004.1318565
Usage of this product signifies your acceptance of the Terms of Use.