{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:51:14Z","timestamp":1763459474124,"version":"3.45.0"},"reference-count":50,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2008,2,1]],"date-time":"2008-02-01T00:00:00Z","timestamp":1201824000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100006234","name":"Sandia National Laboratories, National Nuclear Security Administration","doi-asserted-by":"publisher","award":["DOE SNL 541065"],"award-info":[{"award-number":["DOE SNL 541065"]}],"id":[{"id":"10.13039\/100006234","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["IIS-0331707CNS-0325951CNS-0524695"],"award-info":[{"award-number":["IIS-0331707CNS-0325951CNS-0524695"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000145","name":"Division of Information and Intelligent Systems","doi-asserted-by":"publisher","award":["IIS-0331707CNS-0325951CNS-0524695"],"award-info":[{"award-number":["IIS-0331707CNS-0325951CNS-0524695"]}],"id":[{"id":"10.13039\/100000145","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2008,2]]},"abstract":"<jats:p>In recent years, trust negotiation has been proposed as a novel authorization solution for use in open-system environments, in which resources are shared across organizational boundaries. 
Researchers have shown that trust negotiation is indeed a viable solution for these environments by developing a number of policy languages and strategies for trust negotiation that have desirable theoretical properties. Further, existing protocols, such as TLS, have been altered to interact with prototype trust negotiation systems, thereby illustrating the utility of trust negotiation. Unfortunately, modifying existing protocols is often a time-consuming and bureaucratic process that can hinder the adoption of this promising technology.<\/jats:p>\n                  <jats:p>In this paper, we present Traust, a third-party authorization service that leverages the strengths of existing prototype trust negotiation systems. Traust acts as an authorization broker that issues access tokens for resources in an open system after entities use trust negotiation to satisfy the appropriate resource access policies. The Traust architecture was designed to allow Traust to be integrated either directly with newer trust-aware applications or indirectly with existing legacy applications; this flexibility paves the way for the incremental adoption of trust negotiation technologies without requiring widespread software or protocol upgrades. We discuss the design and implementation of Traust, the communication protocol used by the Traust system, and its performance. 
We also discuss our experiences using Traust to broker access to legacy resources, our proposal for a Traust-aware version of the GridFTP protocol, and Traust's resilience to attack.<\/jats:p>","DOI":"10.1145\/1330295.1330297","type":"journal-article","created":{"date-parts":[[2008,2,8]],"date-time":"2008-02-08T10:32:16Z","timestamp":1202466736000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":31,"title":["The Traust Authorization Service"],"prefix":"10.1145","volume":"11","author":[{"given":"Adam J.","family":"Lee","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marianne","family":"Winslett","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jim","family":"Basney","sequence":"additional","affiliation":[{"name":"National Center for Supercomputing Applications"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Von","family":"Welch","sequence":"additional","affiliation":[{"name":"National Center for Supercomputing Applications"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2008,2,5]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Allcock W. 2003. GridFTP protocol specification. Global Grid Forum Recommendation GFD.20. &lang;http:\/\/www.globus.org\/alliance\/publications\/papers\/GFD-R.0201.pdf&rang;."},{"key":"e_1_2_1_2_1","unstructured":"Basney J. 2005. MyProxy protocol. 
Global Grid Forum Experimental Document GFD-E.54."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.v35:9"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.9"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/998684.1006922"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","unstructured":"Berners-Lee T. Fielding R. T. and Masinter L. 2005. Uniform resource identifier (URI): Generic syntax. IETF Request for Comments RFC-3986.","DOI":"10.17487\/RFC2396"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","unstructured":"Berners-Lee T. Masinter L. and McCahill M. 1994. Uniform resource locators (URL). IETF Request for Comments RFC-1738.","DOI":"10.17487\/RFC1738"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/826036.826848"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2004.1318565"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/MARK.1979.8817296"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352620"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102142"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586114"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","unstructured":"Dierks T. and Allen C. 1999. The TLS protocol version 1.0. IETF Request for Comments RFC-2246.","DOI":"10.17487\/RFC2246"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/882494.884417"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015040.1015044"},{"volume-title":"Proceedings of the Network and Distributed Systems Security Symposium. 203--214","author":"Hess A.","key":"e_1_2_1_18_1","unstructured":"Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K. E., and Smith, B. 2002. Advanced client\/server authentication in TLS. 
In Proceedings of the Network and Distributed Systems Security Symposium. 203--214."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1005140.1005142"},{"key":"e_1_2_1_20_1","unstructured":"ISRL. 2005. Internet security research lab--projects. &lang;http:\/\/isrl.cs.byu.edu\/TrustBuilder.html&rang;."},{"volume-title":"Proceedings of the 19th IFIP Information Security Conference (SEC). 151--166","author":"Koshutanski H.","key":"e_1_2_1_21_1","unstructured":"Koshutanski, H. and Massacci, F. 2004a. Interactive access control for web services. In Proceedings of the 19th IFIP Information Security Conference (SEC). 151--166."},{"volume-title":"Proceedings of the Second International Workshop on Formal Aspects in Security and Trust (FAST). 139--152","author":"Koshutanski H.","key":"e_1_2_1_22_1","unstructured":"Koshutanski, H. and Massacci, F. 2004b. Interactive trust management and negotiation scheme. In Proceedings of the Second International Workshop on Formal Aspects in Security and Trust (FAST). 139--152."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/11429760_18"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","unstructured":"Lee A. J. and Winslett M. 2006. Virtual fingerprinting as a foundation for reputation in open systems. In Proceedings of the 4th International Conference on Trust Management (iTrust'06). Number 3986 in Lecture Notes in Computer Science. Springer 236--251. 10.1007\/11755593_18","DOI":"10.1007\/11755593_18"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102129"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/872035.872061"},{"volume-title":"Proceedings of the 3rd DARPA Information Survivability Conference and Exposition. 201--212","author":"Li N.","key":"e_1_2_1_27_1","unstructured":"Li, N. and Mitchell, J. C. 2003. RT: A role-based trust-management framework. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition. 
201--212."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/773065.773067"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.pmcj.2005.01.004"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/11748625_14"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","unstructured":"Moats R. 1997. URN syntax. IETF Request for Comments RFC-2141.","DOI":"10.17487\/RFC2141"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/5666.5671"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/874077.876529"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030101"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/863632.883495"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","unstructured":"Postel J. and Reynolds J. 1985. File transfer protocol (FTP). IETF Request for Comments RFC-959.","DOI":"10.17487\/RFC0959"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1064004"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/11426639_27"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359176"},{"key":"e_1_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Tuecke S. Welch V. Engert D. Pearlman L. and Thompson M. 2004. Internet X.509 public key infrastructure (PKI) proxy certificate profile. IETF Request for Comments RFC-3820.","DOI":"10.17487\/rfc3820"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029133.1029140"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.5555\/822087.823401"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/863632.883493"},{"volume-title":"Proceedings of the DARPA Information Survivability Conference and Exposition. 88--102","author":"Winsborough W. H.","key":"e_1_2_1_45_1","unstructured":"Winsborough, W. 
H., Seamons, K. E., and Jones, V. E. 2000. Automated trust negotiation. In Proceedings of the DARPA Information Survivability Conference and Exposition. 88--102."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2002.1067734"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102144"},{"key":"e_1_2_1_48_1","unstructured":"Ylonen T. and Lonvick C. 2005. SSH transport layer protocol. IETF Network Working Group Internet-Draft."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/605434.605435"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/508171.508177"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1330295.1330297","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1330295.1330297","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1330295.1330297","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:46:55Z","timestamp":1763459215000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1330295.1330297"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,2]]},"references-count":50,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2008,2]]}},"alternative-id":["10.1145\/1330295.1330297"],"URL":"https:\/\/doi.org\/10.1145\/1330295.1330297","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2008,2]]},"assertion":[{"value":"2006-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2007-06-01","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-02-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}