A Framework for Dependable Trust Negotiation in Open Environments

Abstract

Automated Trust Negotiation (TN) is a promising approach to allow strangers to access sensitive data and services in open environments, such as the Web. Although the amount of literature on TN is growing, two key issues have still to be addressed. The first one concerns a typical feature of real-life negotiations: we are usually willing to trade the disclosure of personal attributes in exchange for additional services and only in a particular order (according to our preferences). The second issue concerns dependability. By their nature TN systems are used in unreliable open contexts where it is important not only to protect negotiations against malicious attack, but also against accidental failures.In this paper we address the foregoing issues proposing a novel framework for dependable TN where services, needed credentials, and behavioral constraints on the disclosure of privileges are bundled together. The framework also supports clients and servers that have a hierarchy of preferences among the different bundles.