Trust negotiation in a client/server data processing network using automatic incremental credential disclosure

摘要

In client/server computing, especially in the field of e-commerce, digitally signed credentials are passed between client and server to develop trust between the parties. However, this requires that one party disclose its credentials (which could be considered sensitive) to the other party before the disclosing party knows anything about the receiving party (someone has to go first). To solve this problem, the invention implements a negotiation of credential disclosure called automatic incremental credential disclosure. Each credential held at a local site is associated with an access policy which is based on opposing site credentials. Incoming requests for credentials are logically combined with the access policies to derive further negotiation responses.