Negotiating Trust on the Web

Marianne Winslett and Ting Yu, University of Illinois at Urbana-Champaign
Kent E. Seamons, Adam Hess, Jared Jacobson, Ryan Jarvis, Bryan Smith, and Lina Yu, Brigham Young University

To enable interactions across security domain boundaries, the TrustBuilder trust negotiation system establishes trust between strangers by gradually disclosing credentials.

Increased connectivity and data availability enable new ways of conducting business, but they also create new security vulnerabilities. For example, to streamline a financial transaction, an organization might want to give certain strangers — that is, parties from outside its security domain — access to some of its local resources. Before doing so, however, the organization must establish firm policies outlining the types of strangers who can access the resources, as well as the types of data and services the organization will make available to them. Traditional access-control policies describe access conditions in terms that only apply to parties within the local security domain. Clearly, new kinds of access-control policies are needed.

Trust negotiation can allow strangers to access sensitive data and services on the Internet [1,2]. Trust negotiation is the iterative disclosure of credentials and requests for credentials between two parties, with the goal of establishing sufficient trust so that the parties can complete a transaction. Trust negotiation should be ubiquitous: available anytime, anywhere, at all layers of software, wherever strangers might wish to interact, including mobile devices and intelligent environments. Traditional approaches to establishing trust either minimize security measures (for example, they do not verify credentials) or assume that the parties are not strangers and can present a local identity (login, capability, or credential) to obtain service.
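As an added illustration of the iterative exchange just described (example code written for this page, not TrustBuilder's implementation and not from the article): a two-party simulation in which each resource and each credential is guarded by a policy naming the credentials the other side must already have shown. The party names, credential types, policies, and the HMAC tag that stands in for an issuer's digital signature are all constructed assumptions; the disclosure rule used here (send every credential whose own policy is already satisfied) is one simple strategy, not necessarily the one TrustBuilder uses. The forged-credential run shows why verification matters: an unverified credential never counts toward a policy, so the negotiation stalls instead of granting access.

```python
"""Simulated iterative trust negotiation between two strangers.

Added example, not TrustBuilder code. Issuer names, keys, credential types
and policies below are constructed for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed issuer keys: an HMAC key stands in for an issuer's signing key.
ISSUER_KEYS = {"BBB": b"bbb-secret", "Bank": b"bank-secret"}


@dataclass(frozen=True)
class Credential:
    ctype: str      # e.g. "BusinessLicense"
    issuer: str
    subject: str
    tag: bytes      # HMAC over (ctype, issuer, subject); stand-in for a signature


def _msg(ctype, issuer, subject):
    return f"{ctype}|{issuer}|{subject}".encode()


def issue(ctype, issuer, subject):
    tag = hmac.new(ISSUER_KEYS[issuer], _msg(ctype, issuer, subject), hashlib.sha256).digest()
    return Credential(ctype, issuer, subject, tag)


def verify(cred):
    """A credential counts only if its tag checks out under a known issuer key."""
    key = ISSUER_KEYS.get(cred.issuer)
    if key is None:
        return False
    expected = hmac.new(key, _msg(cred.ctype, cred.issuer, cred.subject), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cred.tag)


# A policy is the set of (ctype, issuer) pairs the peer must have disclosed.
# An absent policy means the item is unprotected and may be disclosed freely.
Policy = frozenset


@dataclass
class Party:
    name: str
    creds: dict                                   # ctype -> Credential this party holds
    policies: dict                                # resource or ctype -> Policy
    received: set = field(default_factory=set)    # verified (ctype, issuer) from peer
    disclosed: set = field(default_factory=set)   # ctypes already sent

    def satisfied(self, target):
        return self.policies.get(target, Policy()) <= self.received

    def accept(self, cred):
        if verify(cred):
            self.received.add((cred.ctype, cred.issuer))
            return True
        return False

    def disclosable(self):
        """Credentials not yet sent whose own disclosure policy is already met."""
        return [c for t, c in self.creds.items()
                if t not in self.disclosed and self.satisfied(t)]


def negotiate(client, server, resource, max_rounds=10):
    """Return (granted, transcript). Each round the server states what its
    policy still lacks, then both sides disclose whatever they are allowed to."""
    transcript = []
    for _ in range(max_rounds):
        if server.satisfied(resource):
            transcript.append(f"{server.name}: grant {resource}")
            return True, transcript
        missing = server.policies[resource] - server.received
        transcript.append(f"{server.name}: policy for {resource} needs {sorted(missing)}")
        progress = False
        for sender, receiver in ((client, server), (server, client)):
            for cred in sender.disclosable():
                sender.disclosed.add(cred.ctype)
                ok = receiver.accept(cred)
                status = "verified" if ok else "REJECTED"
                transcript.append(f"{sender.name} -> {receiver.name}: "
                                  f"{cred.ctype} from {cred.issuer} ({status})")
                progress = progress or ok
        if not progress:
            transcript.append("negotiation stuck: no further disclosure possible")
            return False, transcript
    return False, transcript


def scenario(forged=False):
    """Constructed scenario: Alice wants a purchase order from Acme. Acme wants a
    BBB business license and a bank credit rating; Alice will only show her
    credit rating to a merchant that has first shown BBB membership."""
    license_cred = issue("BusinessLicense", "BBB", "Alice")
    if forged:   # tampered credential: contents no longer match the tag
        license_cred = Credential("BusinessLicense", "BBB", "Alice", b"\x00" * 32)
    alice = Party("Alice",
                  creds={"BusinessLicense": license_cred,
                         "CreditRating": issue("CreditRating", "Bank", "Alice")},
                  policies={"CreditRating": Policy({("BBBMembership", "BBB")})})
    acme = Party("Acme",
                 creds={"BBBMembership": issue("BBBMembership", "BBB", "Acme")},
                 policies={"PurchaseOrder": Policy({("BusinessLicense", "BBB"),
                                                    ("CreditRating", "Bank")})})
    return negotiate(alice, acme, "PurchaseOrder")


if __name__ == "__main__":
    for forged in (False, True):
        granted, log = scenario(forged)
        print("\n".join(log), "\n=> granted" if granted else "\n=> denied", "\n")
```

In the honest run the exchange takes three rounds: Alice's unprotected license goes first, Acme answers with its BBB membership, which unlocks Alice's credit rating, and Acme then grants the order. With the forged license the rejected credential never enters Acme's `received` set, so after the other disclosures are exhausted no side can make progress and the negotiation stops rather than falling through to a grant.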
Trust management systems such as PolicyMaker [3], KeyNote [4], simple public key infrastructure/simple distributed security infrastructure (SPKI/SDSI) [5], and Delegation Logic [6] support delegation of authority, but are not helpful for establishing trust between strangers using general-purpose credentials.

Our system, TrustBuilder, supports automated trust negotiation between strangers on the Internet. TrustBuilder lets negotiating parties disclose relevant digital credentials and access-control policies and establish the trust necessary to complete their interaction (see the sidebar, "TrustBuilder in Action," for an example scenario). TrustBuilder is intend-

30 NOVEMBER • DECEMBER 2002 http://computer.org/internet/ 1089-7801/02/$17.00 ©2002 IEEE IEEE INTERNET COMPUTING The Technology of Trust