Abstract
Web services are increasingly utilized in people’s daily lives to achieve various functionalities. Trustworthiness has become a critical factor for service provision and governance. The lack of effective trust establishment mechanisms impedes the deployment of diverse trust models for web services. One important issue is that collaborating organizations need mechanisms to bridge extant relationships among cooperating parties. Meanwhile, a trust establishment mechanism for web services must ensure privacy and owner control at all times due to the subjectivity of trust relationships. As an alternative and complementary approach to direct trust establishment, we describe an indirect trust establishment mechanism to bridge and build new trust relationships from extant trust relationships with privacy protection. Another issue is the lack of mechanisms that can directly establish trust relationships with privacy-preserving capabilities for web services. Current web service technologies encourage a service requester to reveal all its private attributes in a pre-packaged digital credential to the service provider to fulfill the requirements for verification. This may lead to privacy leakage. We propose a mechanism whereby the service requester discovers the service provider’s requirements from a web service policy document, then formulates a trust primitive by associating a set of attributes in a pre-packaged credential with a semantic name, signed with the requester’s digital signature, to negotiate a trust relationship. Thus the service requester’s privacy is preserved because only those attributes required to build a trust relationship are revealed.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call