In federated networks, trust management is critical to information sharing and online collaboration. Security tokens provide a way to convey and exchange trust-related information for security and privacy purposes. Common users encounter difficulties when they have to handle security tokens across heterogeneous domains. Semantic gaps and incompatibilities are major barriers for trust-related information exchange in federated trust management. This paper uses intermediary-based, query-based and hybrid approaches to resolve these issues for different types of information in security tokens, and proposes three exchange models accordingly. This paper also provides a comprehensive framework using Web services to exchange security tokens across security domains with suitable approaches and exchange models.
[1]
Mark O'Neill,et al.
Web Services Security
,
2003
.
[2]
N. L. Chervany,et al.
THE MEANINGS OF TRUST
,
2000
.
[3]
Daniel Roth,et al.
Web Services Policy Framework (WS- Policy)
,
2002
.
[4]
Scott Baum.
Security in a Web Services World: A Proposed Architec - ture and Roadmap
,
2002
.
[5]
Marc Branchaud,et al.
A SURVEY OF PUBLIC- KEY INFRASTRUCTURES
,
1997
.
[6]
Giovanni Della-Libera,et al.
Web Services Trust Language (WS-Trust)
,
2002
.
[7]
Joan Feigenbaum,et al.
Decentralized trust management
,
1996,
Proceedings 1996 IEEE Symposium on Security and Privacy.