No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web

“…PeerTrust [7] builds upon previous work on policy-based access control and release for the Web and implements automated trust negotiation for such a dynamic environment.…”

“…Protune's rule language extends two previous languages: PAPL [20], which until 2002 was one of the most complete policy languages for trust negotiation, and PeerTrust [7], which supports distributed credentials and a more flexible policy protection mechanism. In addition, the framework features a powerful declarative meta-language for driving some critical negotiation decisions, and integrity constraints for monitoring negotiations and credential disclosure.…”

“…PeerTrust can be used to provide advanced policy-driven negotiations on the Web in order to control access to resources [7,26]. A user receives a signed (by a trusted authority) applet after requesting access to a resource.…”

“…During the past few years, some of the most innovative ideas on security policies arose in the area of automated trust negotiation [44,8,45,7,46,47,48,49,50]. That branch of research considers peers that are able to automatically negotiate credentials according to their own declarative, rule-based policies.…”

“…However, it is not expressive enough (it is a schema, not a language, and only describes purpose for the gathered data) and it does not allow for enforcement mechanisms. On the other hand, there is a wide offer of policy languages that have been developed to date [5,6,7,8], addressing the general requirements for a Semantic Web policy language: expressiveness, simplicity, enforceability, scalability, and analyzability [9]. These policies can be exchanged between entities on the Semantic Web and therefore they are described using languages with well-founded semantics.…”

Rule-Based Policy Representation and Reasoning for the Semantic Web

“…PeerTrust [7] builds upon previous work on policy-based access control and release for the Web and implements automated trust negotiation for such a dynamic environment.…”

“…Protune's rule language extends two previous languages: PAPL [20], which until 2002 was one of the most complete policy languages for trust negotiation, and PeerTrust [7], which supports distributed credentials and a more flexible policy protection mechanism. In addition, the framework features a powerful declarative meta-language for driving some critical negotiation decisions, and integrity constraints for monitoring negotiations and credential disclosure.…”

“…PeerTrust can be used to provide advanced policy-driven negotiations on the Web in order to control access to resources [7,26]. A user receives a signed (by a trusted authority) applet after requesting access to a resource.…”

“…During the past few years, some of the most innovative ideas on security policies arose in the area of automated trust negotiation [44,8,45,7,46,47,48,49,50]. That branch of research considers peers that are able to automatically negotiate credentials according to their own declarative, rule-based policies.…”

“…However, it is not expressive enough (it is a schema, not a language, and only describes purpose for the gathered data) and it does not allow for enforcement mechanisms. On the other hand, there is a wide offer of policy languages that have been developed to date [5,6,7,8], addressing the general requirements for a Semantic Web policy language: expressiveness, simplicity, enforceability, scalability, and analyzability [9]. These policies can be exchanged between entities on the Semantic Web and therefore they are described using languages with well-founded semantics.…”

Rule-Based Policy Representation and Reasoning for the Semantic Web

Ontology-Based Policy Specification and Management

Trust Management with Safe Privilege Propagation