Using Web Service Enhancements to Establish Trust Relationships with Privacy Protection (Extended and Invited from ICWS 2006 with id 47)

Abstract

The lack of effective trust establishment mechanisms impedes the deployment of diverse trust models for web services. One issue is that collaborating organizations need mechanisms to bridge extant relationships among cooperating parties. We describe an indirect trust establishment mechanism to bridge and build new trust relationships from extant trust relationships with privacy protection. Another issue is that a trust establishment mechanism for web services must ensure privacy and owner control. Current web service technologies encourage a service requester to reveal all its private attributes in a pre-packaged credential to the service provider to fulfill the requirements for direct trust establishment. This may lead to privacy leakage. We propose a mechanism whereby the service requester discovers the service provider’s requirements from a policy document, then formulates a trust primitive by selectively disclosing attributes in a pre-packaged credential to negotiate a trust relationship. Thus the service requester’s privacy is preserved.