Traust is a stand-alone authorization service that lets clients acquire access tokens for networked resources at runtime. Traust uses automated trust negotiation to provide bilateral trust establishment, discovery of resource access policies at runtime, and protection of client and resource privacy. Once the access requestor satisfies the access policy for a particular resource, the Traust server issues the requestor one or more access tokens needed to access that resource. Traust does not restrict the format of these credentials; they can be of whatever format the resource in question requires (e.g., SAML or X.509). In this way, Traust maps users' attributes into access credentials that are locally meaningful to the resource that is to be accessed. Traust makes it easier for authorized users to access resources within large-scale heterogeneous open systems and supports both loose integration with legacy services and tighter integration with trust-aware resources.
Publications
A.J. Lee, M. Winslett, J. Basney, and V. Welch, "The Traust Authorization Service," ACM Transactions on Information and System Security, (to appear). [Preprint PDF]
A.J. Lee, M. Winslett, J. Basney, and V. Welch, "Traust: A Trust Negotiation-Based Authorization Service for Open Systems," Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies (SACMAT 2006), June 2006. [PDF]
People
All e-mail addresses are in the cs.uiuc.edu domain unless noted otherwise.