Towards standards-compliant trust negotiation for web services

Abstract

Web services are a powerful distributed computing abstraction in that they enable users to develop workflows that incorporate data and information processing services located in multiple organizational domains. Fully realizing the potential of this computing paradigm requires a flexible authorization mechanism that can function correctly without a priori knowledge of the users in the system. Trust negotiation has been proposed as a viable solution to this problem, but doing so within the framework provided by existing web services standards remains an unsolved problem. In this paper, we show how existing web services standards can be extended to enable fully standards-compliant support for trust negotiation. We also show that it is possible to compile trust negotiation policies specified using the WS-SecurityPolicy standard into a representation that is suitable for analysis by CLOUSEAU, a highly-efficient trust negotiation policy compliance checker. Lastly, we show that the TrustBuilder2 framework for trust negotiation can be parameterized to act as a trust engine that can be used by the WS-Trust standard to facilitate these negotiations. © 2008 International Federation for Information Processing.