chapter is not to discuss the integration of trust management techniques with database technology. Rather, it is to present problems that arise in designing and implementing trust management systems, many of which are reminiscent of problems from database research. In particular, many trust management systems have foundations based on Datalog, a language used extensively in deductive database systems. Authorization decisions in this class of trust management systems are obtained by evaluating a query involving the client and the requested resource. Evaluation in general requires collecting data and rules from distributed repositories. Our hope is that these and other overlaps will stimulate greater interest in trust management issues on the part of the database community.

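The evaluation model described above, as an added example that is not taken from the chapter: statements are collected from several repositories, evaluated bottom-up as Datalog rules, and the authorization decision is a query over the derived facts. The principals, predicate names and repository layout are constructed for illustration, and issuer signature verification is assumed to happen before statements are collected.

```python
def unify(atom, fact, env):
    """Extend env so that atom matches the ground fact, or return None."""
    if atom[0] != fact[0] or len(atom) != len(fact):
        return None
    env = dict(env)
    for term, value in zip(atom[1:], fact[1:]):
        if term[:1].isupper():  # Datalog convention: capitalised = variable
            if env.setdefault(term, value) != value:
                return None
        elif term != value:
            return None
    return env

def match_body(body, facts, env):
    """Yield each variable binding that satisfies every body atom."""
    if not body:
        yield env
        return
    for fact in facts:
        extended = unify(body[0], fact, env)
        if extended is not None:
            yield from match_body(body[1:], facts, extended)

def evaluate(rules):
    """Apply the rules bottom-up until no new fact appears (least fixpoint)."""
    facts = set()
    while True:
        new = {tuple(env.get(t, t) for t in head)
               for head, body in rules for env in match_body(body, facts, {})}
        if new <= facts:
            return facts
        facts |= new

def collect(repositories):
    """Tag every statement head with the issuer whose repository held it."""
    return [((head[0], issuer) + head[1:], body)
            for issuer, stmts in repositories.items() for head, body in stmts]

def authorized(repositories, owner, client, resource):  # the decision is a query
    return ("may_read", owner, client, resource) in evaluate(collect(repositories))

REPOSITORIES = {  # constructed principals and predicates; signatures not modelled
    "hospital": [  # resource owner's policy, delegating to a licensing board
        (("may_read", "X", "records"), [("physician", "hospital", "X")]),
        (("physician", "X"), [("accredits", "hospital", "B"), ("licensed", "B", "X")]),
        (("accredits", "board"), []),
    ],
    "board": [(("licensed", "alice"), [])],
    "mallory": [(("licensed", "mallory"), [])],  # self-issued, never accredited
}
```

Because every head is tagged with the repository it came from, the self-issued license in the "mallory" repository cannot satisfy a rule that names the board as issuer.
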
The notion of the term “trust management” that we survey in this chapter refers to authorization systems that support principally human agents in defining security policies based on their own judgments of the characteristics of system participants. The focus of research in this area is on providing policy language features and corresponding enforcement mechanisms that meet the needs of policy authors for requirements such as scalability and high assurance in decentralized environments. There is another kind of system sometimes dubbed “trust management” that has a rather different aim, and it is important to be clear that this other type of system is not a subject of this chapter. This sort of system is a bit like a reputation system. It seeks to estimate the trustworthiness of entities within the system by automated or semi-automated means, by compiling and aggregating the evaluations of other parties who have interacted with those entities [34].

The remainder of this chapter is structured as follows. In Section 2 we present the basic notions and aims of trust management. In Section 3 we survey the principal contributions to the field to date. In Section 4 we discuss issues in the evaluation of authorization queries based on considerations such as the distributed definition and storage of credentials and other policy statements. In Section 5 we discuss issues and work in automated trust negotiation. In Section 6 we discuss open issues and trends.

2 What is Trust Management?
Traditional access control models base authorization decisions on the identity of the principal who requests a resource. In an operating system, this identity may be a user name that must appear on an access control list (ACL) associated with a file, if access to the file is authorized. In a large enterprise, an identity may be a distinguished name mentioned in a Public Key Infrastructure (PKI) certificate. In these and similarly closed environments, the identities of all authorized resource requesters are presumed to be known to the resource provider, or at least to some local administrator who aggregates identities into groups or roles to which the resource provider can grant access. However, the number of autonomous services that are administered in