Privacy preserving trust authorization framework using XACML

Abstract

Nowadays many organizations share sensitive services
through open network systems and this raises the need
for an authorization framework that can interoperate
even when the parties have no pre-existing
relationships. Trust Negotiation is the process used to
establish these first relationships, through the transfer
of attributes, embedded in digital credentials, between
the two parties. However, these attributes may
themselves be considered sensitive and so may need
protection from disclosure. In some environments, the
policies that govern the protected services may also be
considered sensitive and their release to arbitrary
strangers may leak confidential business information.
This paper describes a way to unify the protection of
services, sensitive credentials and policies in a
synchronized trustworthy manner. We propose a trust
authorization framework (TAF) that builds on the
capabilities of XACML to support the bilateral
exchange of policies and credentials through trust
negotiation.