Abstract

Access to sensitive information is traditionally granted through an authentication and authorization process in which a username/password combination validates a user's identity, which is stored within the system being accessed. When the user's identity is previously unknown, this method delays access to sensitive information because pre-registration requires human intervention. To expedite the retrieval of sensitive information in time-critical situations, we propose a new model of trust negotiation that defines a trust profile containing a collection of credentials describing the user's access history. The model uses role-based and attribute-based access control as part of the trust profile to model the sensitivity of the information being requested, where access is governed by role and by credentials captured in attributes. As a result of our work, an authorization system based on trust negotiation can examine the user's history in detail, decide whether to authorize the user, and add its own record of the user's access to the trust profile, which can then be used in future access attempts at other locations.
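
The flow described in the abstract, as an added sketch that is not the paper's own code: a site checks role, attributes and verified access history, then appends its own record to the profile. The record fields, the policy shape, the site names and the use of a shared-secret HMAC as a stand-in for issuer signatures are all assumptions made for illustration.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field

# Constructed issuer keys; a shared-secret HMAC stands in for real issuer signatures.
ISSUER_KEYS = {"hospital-a": b"demo-key-a", "hospital-b": b"demo-key-b"}

# Constructed policy for one resource at hospital-b (hypothetical shape).
POLICY = {"sensitivity": 2, "roles": {"physician"},
          "attributes": {"licence": "valid"}, "trusted_issuers": {"hospital-a"}}

def sign(issuer, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[issuer], msg, hashlib.sha256).hexdigest()

@dataclass
class TrustProfile:
    subject: str
    attributes: dict
    history: list = field(default_factory=list)  # access records from earlier sites

    def add_record(self, issuer, role, sensitivity, granted):
        body = {"subject": self.subject, "issuer": issuer, "role": role,
                "sensitivity": sensitivity, "granted": granted}
        self.history.append({**body, "sig": sign(issuer, body)})

def verified_grants(profile, trusted_issuers):
    """Records that granted access, name this subject, and verify under a trusted issuer."""
    good = []
    for rec in profile.history:
        body = {k: v for k, v in rec.items() if k != "sig"}
        issuer = body.get("issuer")
        if (issuer in trusted_issuers and body.get("granted")
                and body.get("subject") == profile.subject
                and hmac.compare_digest(rec.get("sig", ""), sign(issuer, body))):
            good.append(body)
    return good

def authorize(profile, role, policy, site):
    """Role check, attribute check, then history check; the outcome is logged either way."""
    grants = verified_grants(profile, policy["trusted_issuers"])
    ok = (role in policy["roles"]
          and all(profile.attributes.get(k) == v
                  for k, v in policy["attributes"].items())
          and any(g["role"] == role and g["sensitivity"] >= policy["sensitivity"]
                  for g in grants))
    profile.add_record(site, role, policy["sensitivity"], ok)
    return ok
```

Because the profile travels with the user, the history check only counts records that verify under a trusted issuer's key; an unsigned or altered record contributes nothing to the decision.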
