Protune: PROvisional TrUst NEgotiation
 

 

 

Introduction

Securing an application or a website in a powerful and flexible way is typically a complex task. Furthermore, the system must not only enforce security but also be understandable and cooperative to users. Instead of returning simple "Access denied" messages, it should explain why the access is denied and/or what to do in order to be granted access.

Motivation

Security, privacy and trust management are crucial for an application or a website to succeed. Information leakage or security breaches may have countless consequences. Furthermore, a system that enforces security and privacy but is not usable or understandable by its users is also doomed to fail. Imagine a user providing a credit card on a website and receiving a simple "Unauthorized transaction" message. The user does not understand what the problem is, and therefore cannot take any action to solve it. Adding security to an application or website should not come at the expense of its users. Instead, the system should remain understandable and cooperative, explaining why access is denied and what to do in order to be granted access.

Challenges

Any framework intended to enforce security on a system must consider and target both its security administrators and its users. In particular, the Protune framework addresses, among others, the following challenges:

  • Provision of a powerful but flexible policy framework
  • Ability to negotiate access (bilateral and iterative interactions)
  • Automatic generation of natural language explanations for inferred decisions
  • Separation of the security logic from the rest of the system
  • Reduction of the management required by administrators
  • No required common knowledge among involved parties
  • Ease of deployment and integration

Highlights

The Protune framework has been developed as part of a collaboration between L3S Research Center and Naples University. It provides a very powerful and flexible policy language able to encode, among others, security and privacy policies, business rules and trust management policies. Two parties using Protune can (possibly automatically) negotiate access to resources: information and credentials can be released iteratively to the other party, which reduces the information exchanged to the minimum required and hence helps to preserve privacy. Furthermore, after each step, the entity receiving a message (or the final decision taken by the other party) can generate natural language explanations describing the state of the negotiation, or why access was granted or denied.
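The iterative, minimal-disclosure negotiation described above can be sketched as a toy model. This is an added example, not Protune code or Protune policy syntax; the `Party` class, the `negotiate` function and all credential names are hypothetical, and release policies are simplified to sets of credentials the peer must disclose first.

```python
# Toy model of iterative trust negotiation. All names and policies here are
# constructed for illustration; this is not Protune syntax or its API.

class Party:
    def __init__(self, name, policies):
        self.name = name
        # item -> set of credentials the peer must disclose before release
        self.policies = policies
        self.received = set()  # credentials disclosed by the peer so far

    def unlocked(self, item):
        return item in self.policies and self.policies[item] <= self.received

    def missing(self, item):
        return sorted(self.policies.get(item, set()) - self.received)


def negotiate(client, server, resource):
    """Return (granted, transcript, explanation)."""
    # Items each party has been asked to release; the client asks for the resource.
    asked = {client.name: set(), server.name: {resource}}
    transcript = []  # (sender, credential) in disclosure order
    progress = True
    while progress and not server.unlocked(resource):
        progress = False
        for me, peer in ((server, client), (client, server)):
            for item in sorted(asked[me.name]):
                if item not in me.policies:
                    continue  # this party does not hold the requested item
                if me.unlocked(item):
                    if item != resource and (me.name, item) not in transcript:
                        peer.received.add(item)  # release only what was asked for
                        transcript.append((me.name, item))
                        progress = True
                else:
                    # Counter-request: ask the peer for what this policy still needs.
                    new = set(me.missing(item)) - asked[peer.name]
                    asked[peer.name] |= new
                    progress = progress or bool(new)
    if server.unlocked(resource):
        return True, transcript, f"Access to {resource} granted."
    need = ", ".join(server.missing(resource))
    return False, transcript, f"Access to {resource} denied: still required: {need}."
```

With a server protecting `report.pdf` behind `employee_id`, and a client that releases `employee_id` only after seeing the server's `bbb_membership`, the negotiation succeeds in two disclosures and the client's unrelated `credit_card` credential is never sent.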

Potential applications & future issues

Protune can be easily integrated into existing Java applications. Currently, in addition to the individual components, we provide two application scenarios: a peer-to-peer negotiation tool and a negotiation-enabled web server. The former consists of a simple stand-alone application that demonstrates how two entities can exchange information in order to decide whether access should be granted or denied. The latter enables a negotiation-aware website in which static documents may be protected by policies. It also enables policy-driven personalization by generating content in dynamic pages based on the information provided at run-time by a requester.

 

For questions about the Protune framework or this website, please send an e-mail to protune-users@L3S.de
To better understand how a web page can be protected or personalized using policies, visit our demo pages.
Last update on 10-Jun-2008 10:07 AM