Trust management in a distributed environment

Cybercrime as well as threats to national security are costing U.S. organizations billions of dollars each year. These organizations could be government organizations, financial corporations, medical hospitals and academic institutions. There is a critical need for organizations to share data within and across the organizations so that analysts could analyze the data, mine the data, and make effective decisions. Each organization could share information within the infosphere of that organization. An infosphere may consist of the data, applications and services that are needed for the operation of the organization. Organizations may share data with one another across what is called a global infosphere that spans multiple infospheres. While access control is an important security concern for organizational data sharing, managing trust is also an important consideration. For example, A may have the authorization to share the data with B, but A may not trust B. Trust management and negotiation has been studied extensively by Winslett et al. and Bertino et al. in the systems TrustBuilder and TrustX. In this paper we will discuss the issues on managing trust in a distributed environment. Much of the discussion is based on the work on secure knowledge management (Bertino et al. 2005).