Trust negotiation
Trust negotiation is an approach to gradually establishing trust between strangers online through the iterative exchange of digital credentials. In contrast to a closed system, where the interacting entities have a preexisting relationship (often proved by typing a username and password), trust negotiation is an open system, and complete strangers can build trust in one another. This is done by disclosing digital credentials.

Digital credentials are the computer analog to paper credentials, such as a driver's license, credit card, or student ID. Rather than proving the credential owner's identity, digital credentials assert that their owner possesses certain attributes. A student might receive a credential from his or her university that certifies that they are a student at that university. The student could then use that credential, for example, to prove they are a student in order to qualify for a student discount at an online bookstore. Credentials are digitally signed in order to allow third parties to verify them.
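The iterative exchange described above can be sketched with the student-discount scenario. This is an added example, not TrustBuilder code: the disclosure-policy model (each credential is released only after the peer has shown a given set of credentials), the eager disclosure strategy and all credential names are assumptions, and signature verification of each credential is left out.

```python
# Added illustration of iterative credential disclosure (eager strategy).
# Assumed model: every credential is guarded by a disclosure policy, i.e. the
# set of peer credentials that must already be disclosed before it is released.

def negotiate(client, server, resource_policy, max_rounds=10):
    """Return (granted, transcript); client/server map credential -> policy set."""
    shown = {"client": set(), "server": set()}  # what each side has disclosed
    transcript = []
    for _ in range(max_rounds):
        if resource_policy <= shown["client"]:
            return True, transcript
        progress = False
        # The two sides take turns; each releases whatever is now unlocked.
        for side, creds, peer in (("client", client, "server"),
                                  ("server", server, "client")):
            unlocked = {c for c, policy in creds.items()
                        if c not in shown[side] and policy <= shown[peer]}
            if unlocked:
                shown[side] |= unlocked
                transcript.append((side, sorted(unlocked)))
                progress = True
        if not progress:
            # Deadlock: neither side can disclose more without violating a policy.
            return False, transcript
    return resource_policy <= shown["client"], transcript

# Constructed sample data (hypothetical credential names).
STUDENT = {"email_verified": set(),                    # released to anyone
           "student_id": {"accredited_retailer"}}      # only to a vetted store
BOOKSTORE = {"accredited_retailer": {"email_verified"}}
DISCOUNT_POLICY = {"student_id"}                       # needed for the discount
# A store whose policy is cyclic with the student's: negotiation must fail.
CYCLIC_BOOKSTORE = {"accredited_retailer": {"student_id"}}

if __name__ == "__main__":
    for store in (BOOKSTORE, CYCLIC_BOOKSTORE):
        granted, steps = negotiate(STUDENT, store, DISCOUNT_POLICY)
        print("granted" if granted else "failed", steps)
```

The cyclic case shows the failure mode a negotiation strategy has to detect: when each party's policy demands the other's credential first, no safe disclosure sequence exists and the exchange ends without access.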

Researchers at Brigham Young University built a software prototype of trust negotiation called TrustBuilder. TrustBuilder uses X.509 certificates as its credentials and runs on top of several common Internet protocols, including HTTP, TLS, and SSH. Researchers from the University of Illinois at Urbana-Champaign are working on the next-generation version of TrustBuilder, titled TrustBuilder2.

External links

  • Internet Security Research Lab A research lab that has done research on many areas of trust negotiation.
  • PeerTrust: Automated Trust Negotiation for Peers on the Semantic Web In the PeerTrust project we are developing and investigating policy languages to describe trust and security requirements on the Semantic Web. Such policies will be one component of a run-time system that can negotiate to establish trust on the Semantic Web. The PeerTrust system uses guarded distributed logic programs as the basis for a simple yet expressive policy and trust negotiation language, built upon the rule layer of the Semantic Web layer cake.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 