the complexity of the framework. Proving which guarantees the protocol can offer in terms of interoperability, completeness and correctness when applied to a practical policy language is still an open process and will be a subject of future research.
In the direction of mutual negotiation, future work is to explore the interoperability of the nego- tiation framework with the TrustBuilder prototype (Yu, Winslett, & Seamons, 2003). We believe that this is an important step toward building a secure open computing environment.
AcknOwledgMent
This work was partly supported by the proj- ects: 2003-S116-00018 PAT-MOSTRO, 016004 IST-FP6-FET-IP-SENSORIA, 27587 IST-FP6-
IP-SERENITY, 038978 EU-MarieCurie-EIF- iAccess, 034744 EU-INFSO-IST ONE, 034824 EU-INFSO-IST OPAALS.
references
Apt, K. (1990). Logic programming. In J. van Leeuwen (Ed.), Handbook of theoretical computer science. Elsevier.
Atluri, V., Chun, S. A., & Mazzoleni, P. A (2001). Chinese wall security model for decentralized workflow systems. In Proceedings of the Eighth ACM conference on Computer and Communica- tions Security (pp. 48-57).
Bertino, E., Catania, B., Ferrari, E., & Perlasca, P. (2001). A logical framework for reasoning about access control models. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies (SACMAT) (pp. 41-52).
Bertino, E., Ferrari, E., & Atluri, V. (1999) The specification and enforcement of authorization constraints in workflow management systems.
ACM Transactions on Information and System Security (TISSEC), 2(1), 65-104.
Bonatti, P., & Samarati, P. (2002). A unified fra- mework for regulating access and information release on the Web. Journal of Computer Security, 10(3), 241-272.
Damianou, N., Dulay, N., Lupu, E., & Sloman, M. (2001). The Ponder policy specification language. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks (POLICY) (pp. 18-38).
De Capitani di Vimercati, S., & Samarati, P. (2001). Access control: Policies, models, and mechanism. In R. Focardi & F. Gorrieri (Eds.), Foundations of security analysis and design - Tutorial lectures
(vol. 2171 of LNCS). Springer-Verlag.
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B. M., & Ylonen, T. (1999, September). SPKI certificate theory. IETF RFC, 2693. Gelfond, M., & Lifschitz, V. (1988). The stable model semantics for logic programming. In R. Kowalski & K. Bowen (Eds.), Proceedings of the Fifth International Conference on Logic Programming (ICLP’88) (pp. 1070-1080). Georgakopoulos, D., Hornick, M. F., & Sheth, A. P. (1995, April). An overview of workflow management: From process modeling to work- flow automation infrastructure. Distributed and Parallel Databases 3(2), 119-153.
Kang, M. H., Park, J. S., & Froscher, J. N. (2001). Access control mechanisms for interorganizatio- nal workflow. In Proceedings of the Sixth ACM Symposium on Access Control Models and Tech- nologies (pp. 66-74).
Koshutanski, H. (2005). Interactive access control for autonomic systems. Unpublished doctoral dissertation, University of Trento, Italy.
Koshutanski, H., & Massacci, F. (2007). A nego- tiation scheme for access rights establishment in autonomic communication. Journal of Network and System Management (JNSM), 15(1), 117- 136.
Li, J., Li, N., & Winsborough, W. H. (2005). Automated trust negotiation using cryptogra- phic credentials. In Proceedings of the 12th ACM
Conference on Computer and Communications Security (pp. 46-57).
Li, N., Grosof, B. N., & Feigenbaum, J. (2003). Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security (TISSEC), 6(1), 128-171.
Li, N., & Mitchell, J. C. (2003). RT: A role-based trust-management framework. In Proceedings
of the Third DARPA Information Survivability Conference and Exposition (DISCEX III) (pp. 201-212).
Li, N., Mitchell, J. C., & Winsborough, W. H. (2002). Design of a role-based trust management framework. In Proceedings of IEEE Symposium on Security and Privacy (S&P) (pp. 114-130). Lymberopoulos, L., Lupu, E., & Sloman, M. (2003). An adaptive policy based framework for network services management. Plenum Press Journal of Network and Systems Management, 11(3), 277-303.
Ruan, C., Varadharajan, V., & Zhang, Y. (2003). A logic model for temporal authorization de- legation with negation. In C. Boyd & W. Mao (Eds.), Proceedings of the Sixth International Conference on Information Security (ISC), 2851
(pp. 310-324).
SAML. (2004). Security assertion markup language (SAML). Retrieved from http://www. oasis-open.org/committees/security
Sandhu, R., Coyne, E., Feinstein, H., & Youman, C. (1996). Role-based access control models. IEEE Computer, 39(2), 38-47.
Seamons, K., Winslett, M., & Yu, T. (2001). Li- miting the disclosure of access control policies during automated trust negotiation. In Network and Distributed System Security Symposium. San Diego, CA.
Shanahan, M. (1989). Prediction is deduction but explanation is abduction. In Proceedings of IJCAI’89 (pp. 1055-1060). Morgan Kaufmann. Sloman, M., & Lupu, E. (1999). Policy specifica- tion for programmable networks. In Proceedings of the First International Working Conference on Active Networks (pp. 73-84).
Smirnov, M. (2003). Rule-based systems security model. In Proceedings of the Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security (MMM-ACNS) (pp. 135-146).
SPKI. (1999). SPKI certificate theory. IETF RFC, 2693. Retrieved from, http://www.ietf. org/rfc/rfc2693.txt
Weeks, S. (2001). Understanding trust mana- gement systems. IEEE Symposium on Security and Privacy.
Winsborough, W., & Li, N. (2004). Safety in automated trust negotiation. In Proceedings of the IEEE Symposium on Security and Privacy
(pp. 147-160).
WS-Security. (2006). Web services security (WS- security). Retrieved from http://www.oasis-open. org/committees.wss
X.509. (2001). The directory: Public-key and attri- bute certificate frameworks. ITU-T Recommenda- tion X.509:2000(E) | ISO/IEC 9594-8:2001(E). XACML. (2004). eXtensible Access Control Markup Language (XACML). Retrieved from http://www.oasis-open.org/committees/xacml Yu, T., & Winslett, M. (2003). A unified scheme for resource protection in automated trust nego- tiation. In Proceedings of the IEEE Symposium on Security and Privacy (pp. 110-122).
Yu, T., Winslett, M., & Seamons, K. E. (2003). Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security (TISSEC), 6(1), 1-42.