Distributed software subjects face the problem of determining one another's trustworthiness. The problem considered herein is managing the exchange of credentials between strangers for the purpose of property-based authentication and authorization when credentials, authenticating properties of the subject, are sensitive. An architecture for trust negotiation between client and server is presented. The notion of a trust negotiation strategy is introduced with respect to an abstract model of trust negotiation. Two strategies with very different properties are defined and analyzed. A language of credential expressions is described, with two example negotiations illustrating the two negotiation strategies ongoing work on policies governing credential disclosure and trust negotiation is disclosed.
展开▼