Learn More
We introduce the provisional trust negotiation framework PROTUNE, for combining distributed trust management policies with provisional-style business rules and access-control related actions. The framework features a powerful declarative metalanguage for driving some critical negotiation decisions, and integrity constraints for monitoring negotiations and(More)
Gaining access to sensitive resources on the Web usually involves an explicit registration step, where the client has to provide a predetermined set of information to the server. The registration process yields a login/password combination , a cookie, or something similar that can be used to access the sensitive resources. In this paper we show how an(More)
Researchers have recently begun to develop and investigate policy languages to describe trust and security requirements on the Semantic Web [14, 24]. Such policies will be one component of a run-time system that can negotiate to establish trust on the Semantic Web. In this paper, we show how to express different kinds of access control policies and control(More)
Semantic Web Services enable the dynamic discovery of services based on a formal, explicit specification of the requester needs. The actual Web Services that will be used to satisfy the requester's goal are selected at run-time and, therefore, they are not known beforehand. As a consequence, determining whether the selected services can be trusted becomes(More)
Grid computing allows sharing of services and resources ac-cross institutions. However, current Grid security mechanisms for au-thentication and authorization are too rigid and they lack the ability to determine how " trustworthy " the result obtained from a specific provider is likely to be. This paper describes the different facets associated to Trust and(More)
Trust management is currently being tackled from two different perspectives: a " strong and crisp " approach, where decisions are founded on logical rules and verifiable properties encoded in digital credentials, and a " soft and social " approach, based on reputation measures gathered and shared by a distributed community. We analyze the differences(More)
The Semantic Web aims at enabling sophisticated and autonomic machine to machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in(More)
Distributed peer-to-peer and grid infrastructure require distributed access control mechanisms. These mechanisms can be implemented in distributed trust management infrastructures and usually require reasoning on more than one peer, as soon as authority is delegated or requests involve several authorities. Building on previous work of the authors which(More)