In automated trust negotiation (ATN), two parties exchange digitally signed credentials that contain attribute information to establish trust and make access control decisions. Because the information in question is often sensitive, credentials are protected according to access control policies. In traditional ATN, credentials are transmitted either in their entirety or not at all. This approach can at times fail unnecessarily, either because a cyclic dependency makes neither negotiator willing to reveal her credential before her opponent, because the opponent must be authorized for all attributes packaged together in a credential to receive any of them, or because it is necessary to fully disclose exact attribute values, rather than merely proving they satisfy some predicate (such as being over 21 years of age). Recently, several cryptographic credential schemes and associated protocols have been developed to address these and other problems. However, they can be used only as fragments of an ATN process. This paper introduces a framework for ATN in which the diverse credential schemes and protocols can be combined, integrated, and used as needed. A policy language is introduced that enables negotiators to specify authorization requirements that must be met by an opponent to receive various amounts of information about certified attributes and the credentials that contain it. The language also supports the use of uncertified attributes, allowing them to be required as part of policy satisfaction, and to place their (automatic) disclosure under policy control.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	W. Bagga and R. Molva. Policy-based cryptography and applications. In Proceedings of the 9th International Conference on Financial Cryptography and Data Security, Feb. 2005.
	2	Dirk Balfanz , Glenn Durfee , Narendar Shankar , Diana Smetters , Jessica Staddon , Hao-Chi Wong, Secret Handshakes from Pairing-Based Key Agreements, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.180, May 11-14, 2003
	3	S. Boeyen, T. Howes, and P. Richard. Internet X.509 Public Key Infrastructure LDAPc2 Schema. IETF RFC 2587, June 1999.
	4	Piero Bonatti , Pierangela Samarati, Regulating service access and information release on the Web, Proceedings of the 7th ACM conference on Computer and communications security, p.134-143, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352620]
	5	F. Boudot. Efficient proofs that a committed number lies in an interval. In Advances in Cryptology: EUROCRYPT '00, volume 1807 of Lecture Notes in Computer Science, pages 431--444. Springer, May 2000.
	6	Robert W. Bradshaw , Jason E. Holt , Kent E. Seamons, Concealing complex policies with hidden credentials, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030104]
	7	Stefan A. Brands, Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy, MIT Press, Cambridge, MA, 2000
	8	Jan Camenisch , Els Van Herreweghen, Design and implementation of the idemix anonymous credential system, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586114]
	9	Jan Camenisch , Anna Lysyanskaya, An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation, Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, p.93-118, May 06-10, 2001
	10	David Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM, v.28 n.10, p.1030-1044, Oct. 1985  [doi>10.1145/4372.4373]
	11	Ronald Cramer , Ivan Damgård, Zero-Knowledge Proofs for Finite Field Arithmetic; or: Can Zero-Knowledge be for Free?, Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, p.424-441, August 23-27, 1998
	12	R. Cramer, M. K. Franklin, B. Schoenmakers, and M. Yung. Multi-authority secret-ballot elections with linear work. In Advances in Cryptology: EUROCRYPT '96, volume 1070 of Lecture Notes in Computer Science, pages 72--83. Springer, 1996.
	13	Ivan Damgård , Eiichiro Fujisaki, A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order, Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.125-142, December 01-05, 2002
	14	Glenn Durfee , Matt Franklin, Distribution chain security, Proceedings of the 7th ACM conference on Computer and communications security, p.63-70, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352610]
	15	Keith Frikken , Mikhail Atallah , Jiangtao Li, Hidden access control policies with hidden credentials, Proceedings of the 2004 ACM workshop on Privacy in the electronic society, October 28-28, 2004, Washington DC, USA  [doi>10.1145/1029179.1029186]
	16	A. Hess, J. Jacobson, H. Mills, R. Wamsley, K. E. Seamons, and B. Smith. Advanced client/server authentication in TLS. In Network and Distributed System Security Symposium, pages 203--214, Feb. 2002.
	17	Jason E. Holt , Robert W. Bradshaw , Kent E. Seamons , Hilarie Orman, Hidden Credentials, Proceedings of the 2003 ACM workshop on Privacy in the electronic society, October 30, 2003, Washington, DC  [doi>10.1145/1005140.1005142]
	18	R. Housley, W. Ford, T. Polk, and D. Solo. Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF RFC 2459, Jan. 1999.
	19	J. Li and N. Li. OACerts: Oblivious attribute certificates. In Proceedings of the 3rd Conference on Applied Cryptography and Network Security (ACNS), volume 3531 of Lecture Notes in Computer Science, pages 301--317. Springer, June 2005.
	20	Jiangtao Li , Ninghui Li, Policy-hiding access control in open environment, Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing, July 17-20, 2005, Las Vegas, NV, USA  [doi>10.1145/1073814.1073819]
	21	J. Li, N. Li, and W. H. Winsborough. Automated trust negotiation using cryptographic credentials. Technical Report CERIAS-TR-2005-59, Center for Education and Research in Information Assurance and Security, Purdue University, Aug. 2005.
	22	Ninghui Li , Wenliang Du , Dan Boneh, Oblivious signature-based envelope, Proceedings of the twenty-second annual symposium on Principles of distributed computing, p.182-189, July 13-16, 2003, Boston, Massachusetts  [doi>10.1145/872035.872061]
	23	Ninghui Li , John C. Mitchell, DATALOG with Constraints: A Foundation for Trust Management Languages, Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages, p.58-73, January 13-14, 2003
	24	Ninghui Li , John C. Mitchell , William H. Winsborough, Design of a Role-Based Trust-Management Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.114, May 12-15, 2002
	25	Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management, Journal of Computer Security, v.11 n.1, p.35-86, February 2003
	26	Anna Lysyanskaya , Ronald L. Rivest , Amit Sahai , Stefan Wolf, Pseudonym Systems, Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography, p.184-199, August 09-10, 1999
	27	Torben P. Pedersen, Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing, Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, p.129-140, August 11-15, 1991
	28	K. E. Seamons, M. Winslett, and T. Yu. Limiting the disclosure of access control policies during automated trust negotiation. In Proceedings of the Symposium on Network and Distributed System Security (NDSS'01), February 2001.
	29	K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting privacy during on-line trust negotiation. In 2nd Workshop on Privacy Enhancing Technologies. Springer-Verlag, Apr. 2002.
	30	William H. Winsborough , Ninghui Li, Protecting sensitive attributes in automated trust negotiation, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.41-51, November 21-21, 2002, Washington, DC  [doi>10.1145/644527.644532]
	31	N. Li , W. Winsborough, Towards Practical Automated Trust Negotiation, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.92, June 05-07, 2002
	32	W. H. Winsborough and N. Li. Safety in automated trust negotiation. In Proceedings of the IEEE Symposium on Security and Privacy, pages 147--160, May 2004.
	33	W. H. Winsborough, K. E. Seamons, and V. E. Jones. Automated trust negotiation. In DARPA Information Survivability Conference and Exposition, volume I, pages 88--102. IEEE Press, Jan. 2000.
	34	Marianne Winslett , Ting Yu , Kent E. Seamons , Adam Hess , Jared Jacobson , Ryan Jarvis , Bryan Smith , Lina Yu, Negotiating Trust on the Web, IEEE Internet Computing, v.6 n.6, p.30-37, November 2002  [doi>10.1109/MIC.2002.1067734 ]
	35	Marianne Winslett , Ting Yu , Kent E. Seamons , Adam Hess , Jared Jacobson , Ryan Jarvis , Bryan Smith , Lina Yu, Negotiating Trust on the Web, IEEE Internet Computing, v.6 n.6, p.30-37, November 2002  [doi>10.1109/MIC.2002.1067734 ]
	36	Ting Yu , Marianne Winslett, Policy migration for sensitive credentials in trust negotiation, Proceedings of the 2003 ACM workshop on Privacy in the electronic society, October 30, 2003, Washington, DC  [doi>10.1145/1005140.1005143]
	37	Ting Yu , Marianne Winslett, A Unified Scheme for Resource Protection in Automated Trust Negotiation, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.110, May 11-14, 2003
	38	Ting Yu , Marianne Winslett , Kent E. Seamons, Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.1-42, February 2003  [doi>10.1145/605434.605435]