A trust negotiation system for digital library web services

International Journal on Digital Libraries

Volumn 4, Issue 3, 2004, Pages 185-207

  Skogsrud, Halvard ^a   Benatallah, Boualem ^a   Casati, Fabio ^b  

^a UNIVERSITY OF NEW SOUTH WALES   (Australia)

^b HEWLETT PACKARD LABORATORIES   (United States)

Author keywords

Conceptual modeling; Digital libraries; Lifecycle management; Trust negotiation; Web services

Indexed keywords

EID: 33746699343     PISSN: 14325012     EISSN: 14321300     Source Type: Journal    
DOI: 10.1007/s00799-004-0083-y     Document Type: Article

References (43)

1. Adam NR, Atluri V, Bertino E, Ferrari E (2002) A contentbased authorization model for digital libraries. IEEE Trans Knowl Data Eng 14:296-315
2. Benatallah B, Sheng QZ, Dumas M (2003) The Self-Serv environment forWeb services composition. IEEE Internet Comput 7:40-48
3. Bertino E, Castano S, Ferrari E (2001) On specifying security policies forWeb documents with an XML-based language. In: Proc. 6th ACM symposium on access control models and technologies (SACMAT'01), Chantilly, VA. ACM Press, New York, pp 57-65
4. Bertino E, Ferrari E, Atluri V (2002) The specification and enforcement of authorization constraints in workflow management systems. ACM Trans Inf Syst Secur 2:65-104
5. Bertino E, Ferrari E, Squicciarini AC (2003) χ-TNL: An XML-based language for trust negotiations. In: Proc. 4th international workshop on policies for distributed systems and networks (POLICY'03), Como, Italy
6. Bettini C, Jajodia S, Wang XS, Wijesekera D (2002) Obligation monitoring in policy management. In: Proc. 3rd international workshop on policies for distributed systems and networks (POLICY'02), Monterey, CA. IEEE Press, Los Alamitos, CA, pp 2-12
7. Bettini C, Jajodia S, Wang XS, Wijesekera D (2002) Provisions and obligations in policy management and security applications. In: Proc. 28th conference on very large data bases (VLDB'02), Hong Kong. Morgan Kaufmann, San Francisco, pp 502-513
8. Blaze M, Feigenbaum J, Ioannidis J, Keromytis A (1999) The KeyNote trust-management system. Internet Engineering Task Force RFC 2704. www.rfc-editor.org/rfc/rfc2704.txt
9. Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: Proc. IEEE symposium on security and privacy, Oakland, CA. IEEE Press, Los Alamitos, CA, pp 164-173
10. Bonatti P, Samarati P (2002) A unified framework for regulating access and information release on the Web. J Comput Secur 10:241-272
11. Casati F, Ceri S, Pernici B, Pozzi G (1998) Workflow evolution. Data Knowl Eng 24:211-238
12. Casati F, Shan E, Dayal U, Shan MC (2003) Business-oriented management of Web services. Commun ACM 46:55-60
13. Chinnici R, Gudgin M, Moreau JJ, Weerawarana S (2003) Web Service Description Language (WSDL). W3C Working Draft. www.w3.org/TR/wsdl12
14. Clark J, de Rose S (eds) (1999) XML Path Language (XPath) version 1.0. W3C Recommendation. www.w3.org/TR/xpath
15. Curbera F, Duftler M, Khalaf R, Nagy W, Mukhi N, Weerawarana S (2002) Unraveling the Web services web: an introduction to SOAP, WSDL, and UDDI. IEEE Internet Comput 6:86-93
16. Curbera F, Khalaf R, Mukhi N, Tai S, Weerawarana S (2003) The next step in Web services. Commun ACM 46:29-34
17. Ellison C, Frantz B, Lampson B, Rivest R, Thomas B, Ylonen T (1999) SPKI certificate theory. Internet Eng. Task Force RFC 2693. www.rfc-editor.org/rfc/rfc2693.txt
18. Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R (2001) Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur 4:224-274
19. Ford W, Hallam-Baker P, Fox B, Dillaway B, LaMacchia B, Epstein J, Lapp J (2001) XML Key Management Specification (XKMS). W3C Note. www.w3.org/TR/xkms
20. Grandison T, Sloman M (2000) A survey of trust in Internet applications. IEEE Commun Surv Tutorials 3:2-16
21. Gudgin M, Hadley M, Mendelsohn N, Moreau JJ, Nielsen HF (eds) (2003) SOAP version 1.2. W3C Recommendation. www.w3.org/TR/SOAP
22. Herzberg A, Mass Y, Mihaeli J, Naor D, Ravid Y (2000) Access control meets public key infrastructure, or: assigning roles to strangers. In: Proc. IEEE symposium on security and privacy, Berkeley, CA. IEEE Press, Los Alamitos, CA, pp 2-14
23. Housley R, Ford W, Polk W, Solo D (1999) Internet X.509 public key infrastructure certificate and CRL profile. Internet Engineering Task Force RFC 2459. www.rfc-editor.org/rfc/rfc2459.txt
24. IBM (2003) Emerging Technologies Toolkit (ETTK). www.alphaworks.ibm.com/tech/ettk
25. Li N, Mitchell JC (2003) RT: A Role-based trust-management framework. In: Proc. 3rd DARPA conference and exposition on information survivability (DISCEX'03), Washington, DC. IEEE Press, Los Alamitos, CA, 1:201-212
26. Li N, Mitchell JC, Winsborough WH (2002) Design of a rolebased trust-management framework. In: Proc. IEEE symposium on security and privacy, Berkeley, CA. IEEE Press, Los Alamitos, CA, pp 104-120
27. Liu CT, Chang SK, Chrysanthis PK (1994) Database schema evolution using EVER diagrams. In: Proc. ACM workshop on advanced visual interfaces (AVI'94), Bari, Italy. ACM Press, New York, pp 123-132
28. Maler E, Mishra P, Philpott R (eds) (2003) Security Assertion Markup Language (SAML). OASIS. www.oasis-open.org/committees/security
29. Malik T, Szalay AS, Budawari T, Thakar AR (2003) Sky-Query: a Web service approach to federate databases. In: Proc. conference on innovative data systems research (CIDR'03), Asilomar, CA. www-db.cs.wisc.edu/cidr/program/p17.pdf
30. Papazoglou MP, Georgakopoulos D (2003) Service-oriented computing. Commun ACM 46:25-28
31. Ray I, Xin T (2003) Concurrent and real-time update of access control policies. In: Proc. 14th international on workshop database and expert systems applications (DEXA'03), Prague, Czech Republic. Lecture notes in computer science, vol 2736. Springer, Berlin Heidelberg New York, pp 330-339
32. Rees J, Bandyopadhyay S, Spafford EH (2003) PFIRES: A policy framework for information security. Commun ACM 46:101-106
33. Sandhu RS, Samarati P (1994) Access control: principles and practice. IEEE Commun Mag 32:40-48
34. Seamons KE, Winslett M, Yu T (2001) Limiting the disclosure of sensitive access control policies during automated trust negotiation. In: Proc. symposium on network and distributed systems security (NDSS'01), San Diego, ISOC, Reston, VA
35. Skogsrud H, Benatallah B, Casati F (2003) Model-driven trust negotiation for Web services. IEEE Internet Comput 7:45-52
36. Thatte S (ed) (2003) Business Process Execution Language for Web services (BPEL4WS). www-106.ibm.com/developerworks/library/ws-bpel
37. Thomas D, Hunt A (2002) State machines. IEEE Softw 19: 10-12
38. UDDI.org (2003) Universal Description, Discovery, And Integration. www.uddi.org
39. VeriSign (2003) Trust Services Integration Kit (TSIK). (www.xmltrustcenter.org/developer/verisign/tsik) (current April 2003)
40. W3C (2003) Extensible Markup Language (XML). www.w3.org/XML
41. Winslett M, Yu T, Seamons KE, Hess A, Jacobson J, Jarvis R, Smith B, Yu L (2002) Negotiating trust on the Web. IEEE Internet Comput 6:30-37
42. Yu T, Winslett M (2003) A unified scheme for resource protection in automated trust negotiation. In: Proc. IEEE symposium on security and privacy, Berkeley, CA. IEEE Press, Los Alamitos, CA, pp 110-122
43. Yu T, Winslett M, Seamons KE (2003) Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans Inf Syst Secur 6:1-42