Trust management (information system)
In information systems and information technology, trust management is an abstract system that processes symbolic representations of social trust, usually to aid an automated decision-making process. Such representations, e.g. in the form of cryptographic credentials, can link the abstract system of trust management with the results of trust assessment. Trust management is popular in implementing information security, specifically access control policies.

The concept of trust management was introduced by Blaze to aid the automated verification of actions against security policies. In this concept, actions are allowed if they demonstrate sufficient credentials, irrespective of the actual identity of whoever requests them, separating the symbolic representation of trust from the actual person.

Trust management is best illustrated through the everyday experience of tickets. One can buy a ticket that entitles the holder, for example, to enter a stadium. The ticket acts as a symbol of trust, stating that the bearer of the ticket has paid for the seat and is entitled to enter. However, once bought, the ticket can be transferred to someone else, thus transferring such trust in a symbolic way. At the gate, only the ticket is checked, not the identity of the bearer.
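The ticket model above, as an added Python example that is not part of the original article: the gate's decision function takes an action and credentials but no identity, so a transferred ticket passes and an altered or wrongly keyed one does not. The HMAC tag stands in for a signed credential; the key, policy and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

ISSUER_KEY = b"constructed-demo-key"  # constructed sample key known to issuer and gate
POLICY = {"enter_stadium": {"event": "final", "paid": True}}  # constructed policy

def issue(claims, key=ISSUER_KEY):
    """Issuer encodes the claims and tags them; no bearer identity is recorded."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def verify(credential, key=ISSUER_KEY):
    """Return the claims if the tag matches the body, otherwise None."""
    body, sep, tag = credential.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None

def authorize(action, credentials, policy=POLICY):
    """Allow the action only if one verified credential proves every required claim."""
    required = policy.get(action)
    if required is None:
        return False  # unknown action: default deny
    for cred in credentials:
        claims = verify(cred)
        if claims and all(claims.get(k) == v for k, v in required.items()):
            return True
    return False

def demo():
    ticket = issue({"event": "final", "paid": True, "seat": "B12"})
    unpaid = issue({"event": "final", "paid": False})
    # Altered credential: body of the paid ticket, tag of the unpaid one.
    altered = ticket.split(".")[0] + "." + unpaid.split(".")[1]
    wrong_key = issue({"event": "final", "paid": True}, key=b"not-the-issuer-key")
    return {
        "buyer": authorize("enter_stadium", [ticket]),
        "transferred": authorize("enter_stadium", [ticket]),  # same call: identity is never an input
        "unpaid": authorize("enter_stadium", [unpaid]),
        "altered": authorize("enter_stadium", [altered]),
        "wrong_key": authorize("enter_stadium", [wrong_key]),
        "no_policy": authorize("enter_vip", [ticket]),
    }

if __name__ == "__main__":
    print(demo())
```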

Overview

Trust management can be seen as a symbol-based automation of social decisions related to trust, where social agents instruct their technical representations how to act when meeting the technical representations of other agents. Further automation of this process can lead to automated trust negotiations (e.g. see Winslett), where technical devices negotiate trust by selectively disclosing credentials, according to rules defined by the social agents that they represent.

Web Services Trust Language (WS-Trust) brings trust management into the environment of web services. The core proposition remains generally unchanged: the Web Service (verifier) accepts a request only if the request contains proofs of claims (credentials) that satisfy the policy of the Web Service.

It is also possible to let technical agents monitor each other's behaviour and respond accordingly by increasing or decreasing trust. Such systems are collectively called Trust-Based Access Control (TBAC), and their applicability has been studied for several different application areas.

An alternative view on trust management questions whether trust can be technically managed at all, and focuses on supporting the proper assessment of the extent of trust one person has in another.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 