Trust negotiation is an authorization approach for open distributed systems, such as dynamic coalitions and other types of virtual organizations. Under the trust negotiation approach to authorization, every resource that might be shared within the coalition is protected by an access policy that describes the attributes of those qualified to access it (e.g., employer, job title, role, age). Each party collects digital credentials, such as X.509 attribute certificates or SAML assertions, from credential issuers who can attest to that party's attributes. At run time, a resource owner and potential client exchange information on their access policies and attributes, to determine whether the client possesses the attributes necessary to gain access, and vice versa. Trust negotiation has a firm theoretical foundation and a number of freely available implementations.
展开▼
