Modularized Trust Management For Distributed Coalition Environments

Trust Management in distributed systems incorporates partially independent mechanisms to enable collaboration in distributed coalition environment. These modules can be distinguished by their characteristics of independent functionality, providing access control mechanism in decentralized environment, and discovery and management of credential documents including validation and revocation services in distributed context. While a variety of credential validation and transitive trust models have been developed that provide a wide range of semantics including conveyance of credential revocation, currently available trust management systems are paired to a particular certificate validation scheme with a particular transitive trust model. Furthermore, these systems are typically integrated in an ad-hoc manner that restricts the inclusion of alternative components. For example, the various trust management systems presently available provide different model of trust management paired with particular mechanism for credential validation and/or discovery. This pairing not only limits the versatility of the resulting access control frameworks to contexts where both are well suited to the application domain, but also imposes a high implementation cost for investigators and implementers considering alternative abstractions and pairings. Also it restricts the opportunity of configuring a custom trust management system, based on specific requirements, built upon a generic trust management framework. Thus, redesigning of trust management systems as a generic framework of modules remains to be an open problem that needs to be evaluated. VPAF (a Validated and Prolonged Authorization Framework) will separate these components in a manner that permits credential validation and authorization decisions to be managed separately. VPAF is intended to enable vigilant monitoring of prolonged authorization relationships that span mutually distrustful administrative domains such as is common when multiple organizations collaborate.