Automated cross-organisational trust establishment on extranets

Trust management is an important aspect of information security in an organisation. It involves the complexity of relationships among people, computers and the organisational system. It becomes even more complex in the virtual enterprise environment where cross-organisational activities are involved. This paper presents a new paradigm for establishing trust across multiple organisations for external users on extranets. In our approach, the authorities of organisations administer their local users and at the same time can act as trust agents for distributing trust management information for other users in the virtual enterprise. Trust is propagated in the form of trust tokens through the web of trust. After collecting these trust tokens as recommendations, a new users can submit them to his destined organisation in order to acquire secure trust relation. By representing trust with a quantitative and comparable value, an automated mechanism for composing trust tokens is demonstrated.