A Trust Management Package for Policy-Driven Protection & Personalization of Web Content

This paper presents an advanced approach to access control on the Web. It presents an easy deployable package that exploits emerging trust negotiation approaches by integrating them in a Web scenario. In such a scenario advance decisions can be made based on expressive conditions, including credentials exchanged among entities in order to establish enough trust to be granted access to a resource, while preserving the privacy of information released. In addition, policies can be used in scripting languages such as JSP in order to personalize dynamically generated content, based on locally stored information or requester information obtained through negotiations. Furthermore, using policies allows us to make use of many of the results in the area, including policy verification techniques and the use of our automatically generated natural language explanations describing e.g., the requirements to be satisfied before access to a resource is granted or why a previous attempt has been denied.