Token

1
Tokenbased Dynamic Trust Establishment for Web
Services

• Zhengping Wu and Alfred C. Weaver
• Department of Computer Science
• University of Virginia
• March 2005

2
Outline

• Motivation and Contributions
• State of the Art
• Trust Primitive and Selective Disclosure
• Trust Group and Dynamic Validation
• Token-based Solution for Web Service Trust
  Establishment
• Conclusion and Future Work

3
Motivation - 1
4
Motivation - 2

• Need for trust relationships in web services
  environment
• Need for security and privacy protection for
  sensitive information
• Need for better mechanisms to address information
  leakage in trust establishment processes
• Need for dynamic capability to keep track of
  changes in trust relationships

5
Contributions

• The proposed trust establishment mechanism fully
  protects the requesters privacy.
• The proposed trust establishment mechanism is
  capable of disclosing private attributes
  selectively.
• The proposed trust establishment mechanism allows
  the established trust relationship to be updated
  by following the changes of the service
  providers policy.

6

• Motivation and Contributions
• State of the Art
• Trust Primitive and Selective Disclosure
• Trust Group and Dynamic Validation
• Token-based Solution for Web Service Trust
  Establishment
• Conclusion and Future Work

7
State of the Art

• Identity-based trust establishment mechanisms
  (common in e-commerce)
• Role-based trust establishment mechanisms
• Group-based trust establishment mechanisms

8

• Motivation and Contributions
• State of the Art
• Trust Primitive and Selective Disclosure
• Trust Group and Dynamic Validation
• Token-based Solution for Web Service Trust
  Establishment
• Conclusion and Future Work

9
Selective Disclosure

• Causes of information leakage in real life trust
  establishment
• A credential may not be used for its intended
  purpose
• A pre-packaged credential may reveal more
  information than is necessary
• Selective Disclosure
• Use of available pre-packaged credentials
• Control of information disclosure with credential
  holders will
• Trust primitive

10
Trust Primitive
11
Trust Primitive
12

• Motivation and Contributions
• State of the Art
• Trust Primitive and Selective Disclosure
• Trust Group and Dynamic Validation
• Token-based Solution for Web Service Trust
  Establishment
• Conclusion and Future Work

13
Dynamic Validation

• Representation of the established trust
  relationship
• Trust group element in security token
• Requirement of trust group element in policy
• Same policy with same trust group name
• Dynamic validation
• Change of policy indicates new trust relationship
• Change of policy requires revalidation of trust
  group element

14
Trust Group

• Banking Customers share the same set of
  requirements in policy 1.
• Mortgage Customers share the same set of
  requirements in policy 2.

15

• Motivation and Contributions
• State of the Art
• Trust Primitive and Selective Disclosure
• Trust Group and Dynamic Validation
• Token-based Solution for Web Service Trust
  Establishment
• Conclusion and Future Work

16
Architecture of the Solution
17

• Motivation and Contributions
• State of the Art
• Trust Primitive and Selective Disclosure
• Trust Group and Dynamic Validation
• Token-based Solution for Web Service Trust
  Establishment
• Conclusion and Future Work

18
Conclusion

• The proposed trust establishment mechanism
• allows the requestor to control what attributes
  are disclosed to the service provider
• avoids disclosing more than is necessary which
  may happen with pre-packaged credentials
• dynamically negotiates new credentials as
  necessary to follow changes in policy

19
Future work

• Extension of trust primitive and trust group
  mechanisms
• to allow privacy control during delegation
• to allow privacy protection during delegation

20
The End

• Questions?