A negotiation-based trust establishment service for CROWN grid

In order to build trust relationship between service requesters and service providers in an open grid computing environment, we design a novel negotiation-based trust establishment service, which supports distributed credential chain construction and privacy preservation to enhance the grid security infrastructure. In this service, we develop a novel credential chain aware negotiation strategy for trust establishment on the fly by gradually disclosing credentials according to various access control policies. This strategy can protect sensitive credentials, partial credential chains and sensitive information in an access control policies based on two concepts: soft protection and hard protection. What's more, a credential federation mechanism is designed for this service when the negotiators use heterogeneous security infrastructures, for example, Kerberos and PKI. Our approach has been successfully implemented as useful components and fundamental security services in the CROWN grid, and techniques such as trust tickets and policy caching that can greatly increase service efficiency are used. Comprehensive experiments have been conducted, which demonstrate our approach is feasible.