1. Using Digital Credentials On The World-Wide Web M. Winslett

2. Introduction Problem Statement –Traditional approaches for authenticating users is not enough to determine different types of users and their authorization to use services. –Internet is an open environment, identity does not give enough information about the authorization of users –Users may not want to reveal their identity if the service does not necessarily relevant with the identity.

3. Example Case Access to ACM SIGMOD web site? –A shared username-password pair for all users Little protection: How to prevent former users? What happens if the users spread password to others? –A username-password pair for each user Administrative overhead Hard to control authorization Strong relation with user identity: Privacy lose –SSL authentication facilities SSL specific identity. Not a portable ID with the user (smartcard?) Revealing browser identity which is irrelevant with access control decisions

4. Digital Credentials Give each ACM SIGMOD member a digital credential issued (signed) by ACM or a trusted party (Verisign). However, server and client software should agree on digital credentials and how they will be handled (authorization?).

5. Personal Security Assistant Obtain, store digital credentials and policies Negotiates with the server to decide which credentials are necessary Attaches credentials to service requests according to client/server policies May archive the credentials (including old ones)

6. Server Security Assistant Store digital credentials and policies Send server policy information and credentials to the client Handle client credentials and credential acceptance policies Assign roles to the users according to credentials Cache credentials if necessary

8. Credentials A digital credential does not need to store information about user’s real life identity –Example: ACM SIGMOD digital credential does not need to store the name of user. Issuer can use local names or public keys of users in digital credentials

9. Credentials Server can challenge the user to verify that he is the user that he is claiming (using PKCS) To reduce the risk of disclosure of the information in digital credentials by the server, the client may request some credentials from server.

10. Policies Server presents a policy to the client to explain what it needs for authorization Client may present own policy that explains what and how it can disclose credentials to the server. Server and Client may not want to reveal whole policy information in one step (step-by-step verification)

11. Trust Negotiation Interactions to setup a trust relationship between client and server is called as trust negotiation. –Client and Server policies, credentials –Client and Server’s agreement on the contents of credentials –Need for a common language for policies and credentials –Authorization and role assignments

12. Trust Negotiation –Categorizing services (to avoid unnecessary amount of policy creation) –Handling complex situations in credentials and policies (e.g. expiry dates, situations that may not be enforceable) –Scalability

13. Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation M. Winslett

14. Ideas Strategy: An ordering of credential disclosures to access a resource (or a service). Between client and server, different strategies may be used. However, the strategies should implement a common basic protocol (TrustBuilder protocol).

16. Private and Trusted Interactions Bharat Bhargava

17. Ideas Formulate trust gain with respect to privacy loss Self descriptiveness Apoptosis (Clean self-destruction) Proximity-based evaporation

19. Summary The language to define policies and credentials is very important in trust negotiation A common protocol for trust negotiation is necessary, but different strategies can be used. Scalability, manageability of the protocols are important. Less human interaction is very important. Privacy loss should be a major concern during trust negotiation.