Open distributed environments like the World Wide Web offer easy sharing of information, but provide few options for protecting sensitive information and other sensitive resources. Typically, this protection is based on the assumption that a requester is already known to the server (e.g., by means of previous registration and user/password authentication mechanisms). The server can then map the identity of the requester into a permissions table in order to grant or deny access to a resource. Nowadays, given the success of the WWW and hence the large number of potential users a server might have, maintaining a table of authorizations based on identities is no longer desirable. Specifically, the Web provides an environment where parties may make connections and interact without being previously known to each other. In many cases, before any meaningful interaction starts, a certain level of trust must be established from scratch through an exchange of information between the two parties. However, the more sensitive a piece of personal information is, the less it can be candidly disclosed to an unknown party; trust establishment should therefore proceed by means of bilateral steps, i.e., it should be negotiated.