{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T13:50:19Z","timestamp":1767707419571,"version":"3.41.0"},"reference-count":32,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2007,7,1]],"date-time":"2007-07-01T00:00:00Z","timestamp":1183248000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2007,7]]},"abstract":"<jats:p>Trust negotiation is a promising approach for establishing trust in open systems, in which sensitive interactions may often occur between entities with no prior knowledge of each other. Although, to date several trust negotiation systems have been proposed, none of them fully address the problem of privacy preservation. Today, privacy is one of the major concerns of users when exchanging information through the Web and thus we believe that trust negotiation systems must effectively address privacy issues in order to be widely applicable. For these reasons, in this paper, we investigate privacy in the context of trust negotiations. We propose a set of privacy-preserving features for inclusion in any trust negotiation system, such as the support for the P3P standard, as well as a number of innovative features, such as a novel format for encoding digital credentials specifically designed for preserving privacy. Further, we present a variety of interoperable strategies to carry on the negotiation with the aim of improving both privacy and efficiency.<\/jats:p>","DOI":"10.1145\/1266977.1266981","type":"journal-article","created":{"date-parts":[[2007,9,14]],"date-time":"2007-09-14T13:44:55Z","timestamp":1189777495000},"page":"12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":44,"title":["PP-trust-X"],"prefix":"10.1145","volume":"10","author":[{"given":"A.","family":"Squicciarini","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN"}]},{"given":"E.","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN"}]},{"given":"Elena","family":"Ferrari","sequence":"additional","affiliation":[{"name":"Universita' degli Studi dell'Insubria, Varese"}]},{"given":"F.","family":"Paci","sequence":"additional","affiliation":[{"name":"Universita' degli Studi di Milano, Milano"}]},{"given":"B.","family":"Thuraisingham","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Dallas, Texas"}]}],"member":"320","published-online":{"date-parts":[[2007,7]]},"reference":[{"volume-title":"19th International Conference on Data Engineering","author":"Agrawal R.","key":"e_1_2_1_1_1"},{"volume-title":"Fourth IEEE International Workshop on Policies for Distributed Systems and Networks","author":"Bertino E.","key":"e_1_2_1_2_1"},{"volume-title":"4th International Workshop on Privacy Enhancing Technologies","author":"Bertino E.","key":"e_1_2_1_3_1"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2004.1318565"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352620"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030104"},{"volume-title":"Rethinking Public Key Infrastructure and Digital Credentials","author":"Brands S.","key":"e_1_2_1_7_1"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586114"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/4372.4373"},{"key":"e_1_2_1_10_1","unstructured":"Clark J. 1999. XSL transformations (XSLT). version 1.0 W3C recommendation. Available at: http:\/\/www.w3.org\/TR\/xslt.  Clark J. 1999. XSL transformations (XSLT). version 1.0 W3C recommendation. Available at: http:\/\/www.w3.org\/TR\/xslt."},{"key":"e_1_2_1_11_1","unstructured":"Cranor L. Langherinrigh M. and Marchiori M. 2002. A P3P preference exchange language 1.0 (APPEL1.0). W3C Working Draft.  Cranor L. Langherinrigh M. and Marchiori M. 2002. A P3P preference exchange language 1.0 (APPEL1.0). W3C Working Draft."},{"key":"e_1_2_1_12_1","unstructured":"Cranor L. Langherinrigh M. Marchiori M. Presler-Marsall M. and Reagle J. 2003. P3P- the platform for privacy preferences version 1.1. Available at: http:\/\/www.w3.org\/P3P\/1.1\/.  Cranor L. Langherinrigh M. Marchiori M. Presler-Marsall M. and Reagle J. 2003. P3P- the platform for privacy preferences version 1.1. Available at: http:\/\/www.w3.org\/P3P\/1.1\/."},{"volume-title":"IEEE Symposium on Security and Privacy","author":"Herzberg A.","key":"e_1_2_1_13_1"},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Housley R. Polk W. Ford W. and So D. 2002. Internet X.509 public key infrastructure certificate and certificate revocation List (crl) profile. RFC 3280.   Housley R. Polk W. Ford W. and So D. 2002. Internet X.509 public key infrastructure certificate and certificate revocation List (crl) profile. RFC 3280.","DOI":"10.17487\/rfc3280"},{"key":"e_1_2_1_15_1","unstructured":"IBM. IBM Tivoli privacy wizard. Available at: www.tivoli.resource_center\/maximize\/privacy\/wizard_code.html.  IBM. IBM Tivoli privacy wizard. Available at: www.tivoli.resource_center\/maximize\/privacy\/wizard_code.html."},{"key":"e_1_2_1_17_1","unstructured":"JRC. 2002. JRC P3P resource centre. Available at: http:\/\/p3p.jrc.it.  JRC. 2002. JRC P3P resource centre. Available at: http:\/\/p3p.jrc.it."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133058.1133066"},{"key":"e_1_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Li N. Du W. and Boneh D. 2003. Oblivious signature-based envelope.  Li N. Du W. and Boneh D. 2003. Oblivious signature-based envelope.","DOI":"10.1145\/872035.872061"},{"key":"e_1_2_1_20_1","unstructured":"Microsoft. 2004. Infocard project. Available at http:\/\/msdn.microsoft.com\/winfx\/reference\/infocard\/default.aspx.  Microsoft. 2004. Infocard project. Available at http:\/\/msdn.microsoft.com\/winfx\/reference\/infocard\/default.aspx."},{"volume-title":"Bit commitment using pseudorandomness. Advances in Cryptology- 89","series-title":"Lecture Notes in Computer Science","author":"Naor M.","key":"e_1_2_1_21_1"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352609"},{"key":"e_1_2_1_23_1","unstructured":"Seamons K. E. Winslett M. and Yu T. 2001. Limiting the disclosure of Access Control Policies during automated trust negotiation. Network and Distributed System Security Simposium. San Diego CA.  Seamons K. E. Winslett M. and Yu T. 2001. Limiting the disclosure of Access Control Policies during automated trust negotiation. Network and Distributed System Security Simposium. San Diego CA."},{"volume-title":"2nd Workshop on Privacy Enhancing Technologies","author":"Seamons K. E.","key":"e_1_2_1_24_1"},{"volume-title":"Privacy and freedom","author":"Westin A. F.","key":"e_1_2_1_25_1"},{"volume-title":"IEEE 3rd Intl. Workshop on Policies for Distributed Systems and Networks","author":"Winsborough W.","key":"e_1_2_1_26_1"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/644527.644532"},{"volume-title":"DARPA Information Survivability Conference and Exposition","author":"Winsborough W. H.","key":"e_1_2_1_28_1"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2002.1067734"},{"key":"e_1_2_1_30_1","unstructured":"World Wide Web Consortium. References for P3P implementation. Available at: http:\/\/www.w3org\/P3P\/implementations.  World Wide Web Consortium. References for P3P implementation. Available at: http:\/\/www.w3org\/P3P\/implementations."},{"key":"e_1_2_1_31_1","unstructured":"World Wide Web Consortium. Uniform resource identifiers naming and addressing: URIs URLs \u2026 Available at http:\/\/www.w3.org\/addressing.  World Wide Web Consortium. Uniform resource identifiers naming and addressing: URIs URLs \u2026 Available at http:\/\/www.w3.org\/addressing."},{"volume-title":"IEEE Symposium on Security and Privacy, 110","author":"Yu T.","key":"e_1_2_1_32_1"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605435"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1266977.1266981","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1266977.1266981","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T14:52:14Z","timestamp":1750258334000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1266977.1266981"}},"subtitle":["A system for privacy preserving trust negotiations"],"short-title":[],"issued":{"date-parts":[[2007,7]]},"references-count":32,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2007,7]]}},"alternative-id":["10.1145\/1266977.1266981"],"URL":"https:\/\/doi.org\/10.1145\/1266977.1266981","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2007,7]]},"assertion":[{"value":"2007-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}