
We are designing and implementing TrustBuilder, an architecture for trust negotiation. To enable interaction across security domain boundaries, the TrustBuilder trust negotiation system establishes trust between strangers by gradually disclosing credentials. TrustBuilder is intended for use in any situation where two entities from different security domains need to establish trust---B2B and retail interactions, cooperative work and joint ventures, medical records, mobile computing, and so on. To reach our goal of ubiquitous, scalable trust negotiation, we are designing and implementing reusable TrustBuilder components in a variety of computational environments: Web application servers, simple object access protocol (SOAP) remote procedure calls, SSL/TLS, and Internet protocol security (IPsec). Our two working TrustBuilder prototypes support X.509v3 certificates as the credential format and XML as the policy language. The policy language and compliance checker use IBM Research's Trust Establishment software.
M. Winslett, T. Yu, K. E. Seamons, A. Hess, J. Jacobson, R. Jarvis, B. Smith, and L. Yu, "Negotiating Trust on the Web." IEEE Internet Computing, November/December 2002.
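
The gradual credential disclosure described above, sketched as an added example; it is not TrustBuilder's code. It assumes a simplified policy model in which each credential is guarded by the set of peer credentials that must be received first, and the compliance check is a plain subset test. All credential names and policies are constructed.

```python
# Illustrative trust negotiation loop (assumed model, not TrustBuilder's own).
# Each party maps credential name -> set of peer credentials it must have
# received before disclosing it. An empty set means freely disclosable.
CLIENT = {"student_id": set(), "credit_card": {"bbb_membership"}}  # constructed
SERVER = {"bbb_membership": {"student_id"}}                        # constructed
RESOURCE_POLICY = {"student_id", "credit_card"}  # guards the server's resource


def unlocked(policies, received, already_sent):
    """Credentials whose disclosure policy is satisfied by what the peer sent."""
    return {cred for cred, needed in policies.items()
            if needed <= received and cred not in already_sent}


def negotiate(client, server, resource_policy, max_rounds=10):
    """Alternate disclosures until the resource policy is met or no progress.

    Returns (granted, transcript); transcript lists, per round, what the
    client and then the server newly disclosed.
    """
    sent_by_client, sent_by_server = set(), set()
    transcript = []
    for _ in range(max_rounds):
        if resource_policy <= sent_by_client:
            return True, transcript
        new_c = unlocked(client, sent_by_server, sent_by_client)
        sent_by_client |= new_c
        new_s = unlocked(server, sent_by_client, sent_by_server)
        sent_by_server |= new_s
        if not new_c and not new_s:
            # Neither side can safely disclose anything more: fail closed.
            return False, transcript
        transcript.append((sorted(new_c), sorted(new_s)))
    return resource_policy <= sent_by_client, transcript


if __name__ == "__main__":
    granted, rounds = negotiate(CLIENT, SERVER, RESOURCE_POLICY)
    print("access granted:", granted)
    for i, (c, s) in enumerate(rounds, 1):
        print(f"round {i}: client -> {c}, server -> {s}")
```

A cyclic dependency between the two parties' policies ends the negotiation with access denied and nothing sensitive disclosed, which is the failure mode a real deployment needs to handle and log.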