Automated trust negotiation (ATN) is an approach that establishes mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. Generally, the digital credentials themselves contain sensitive information that a subject does not want to reveal to any strangers, so for each credential there is usually an access control policy (a policy for short) associated with it, governing the disclosure of credentials. An automated trust negotiation strategy needs to be adopted to establish trust between two strangers based on the policies for sensitive credentials. An automated trust negotiation strategy determines the search for a successful negotiation. The negotiation strategy controls which credentials are disclosed, when they are disclosed, which credentials are requested from other subject. The negotiation strategy also determines when the negotiation is terminated.
Two different kinds of negotiation strategies have been proposed by some researchers. The first is eager strategy that discloses a credential as soon as the policy for this credential is satisfied, ensuring a successful negotiation in a minimum number of rounds. However, this negotiation strategy may disclose many credentials unnecessarily. At the other extreme, the second is parsimonious strategy that discloses credentials only after each subject determines that trust can be established, avoiding unnecessary credential disclosure. But this negotiation strategy, in the worst case, may bring exponential communication cost when two subjects have many credentials and complex policies for these credentials.
Based on the two strategies, Prudent Negotiation Strategy (PRUNES) that is a depth first search of certain areas of an AND/OR tree. PRUNES guarantees that trust is established whenever possible based on backtracking. On the other hand, PRUNES ensures that no irrelevant credentials are disclosed during a negotiation. In the worst case, its communication cost and computational complexity are O(n2) and O(m * n) ...