[1] J. P. Anderson, “Information Security in a Multi-user Computer Environment,” Advances in Computers, Vol. 12 (1972): 1–35. (New York: Academic Press, 1973).

[2] L. Lamport, “Password Authentication with Insecure Communications,” Communications of the ACM 24 (1981): 770–771.

[3] B. C. Neuman and T. Ts’o, “Kerberos: An Authentication Service for Computer Networks,” IEEE Communications 32(9) (1994): 33–38.

[4] M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson, “The Digital Distributed System Security Architecture,” Proceedings of the 12th National Security Conference, Baltimore, MD, 1989, pp. 305–319.

[5] OASIS, “Assertions and Protocol for the OASIS Security Assertion Mark-up Language (SAML),” OASIS Standard V1.1 (oasis-sstc-saml-core-1.1), Sept. 2, 2003.

[6] OASIS, “OASIS eXtensible Access Control Mark-up Language 2 (XACML),” OASIS Standard Version 2.0, Feb. 1, 2005.

[7] D. Denning, “A Lattice Model of Secure Information Flow,” Communications of the ACM 19(5) (1976): 236–243.

[8] D. E. Bell and L. LaPadula, “Secure Computer Systems: Unified Exposition and Multics Interpretation,” Mitre Corporation, Technical Report MTR-2997, Bedford, MA, 1976.

[9] American National Standards Institute, “ANSI INCITS 359-2004 for Role Based Access Control,” American National Standards Institute, New York, NY, 2004.

[10] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, “Role-Based Access Control Models,” IEEE Computer 29(2) (1996): 38–47.

[11] D. Ferraiolo, D. R. Kuhn, and R. Chandramouli, Role-Based Access Control, 2nd ed. (Boston: Artech House, 2007).

[12] E. Bertino, S. Castano, and E. Ferrari, “Securing XML Documents with Author-X,” IEEE Internet Computing 5(3) (2001): 21–31.

[13] International Organization for Standardization and International Electrotechnical Commission, “Information Technology—Open Systems Interconnection—Security Frameworks for Open Systems: Part 3: Access Control Framework,” Geneva, Switzerland: ISO/IEC, 1996.

[14] P. Mazzoleni, E. Bertino, B. Crispo, and S. Sivasubramanian, “XACML Policy Integration Algorithms: Not to be Confused with XACML Policy Combination Algorithms!,” 11th ACM Symposium on Access Control Models and Technologies, Lake Tahoe, CA 2006, pp. 219–227.

[15] E. Bertino, B. Catania, M. L. Damiani, and P. Persasca, “GEO-RBAC: A Spatially Aware RBAC,” Proceedings of 10th Symposium on Access Control Models and Technologies, Stockholm, Sweden 2005, pp. 29–37.

[16] A. Kini and J. Choobineh, “Trust in Electronic Commerce: Definition and Theoretical Considerations,” Proceedings of Thirty-first Annual Hawaii International Conference on System Sciences, Kohala Coast, HI 1998, pp. 51–61.

[17] T. Grandison and M. Sloman, “A Survey of Trust in Internet Applications,” IEEE Communications Surveys and Tutorials 3(4) (2000): 2–16.

[18] M. Blaze, J. Feigenbaum, and J. Lacy, “Decentralized Trust Management,” Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA, 1996, pp. 164–173.

[19] E. Bertino, E. Ferrari, and A. C. Squicciarini, “Trust-X: A Peer-to-Peer Framework for Trust Establishment,” IEEE Transactions on Knowledge and Data Engineering 16(7) (2004): 827–842.

[20] A. C. Squicciarini, E. Bertino, E. Ferrari, F. Paci, and B. Thuraisingham, “PP-Trust-X: A System for Privacy Preserving Trust Negotiations,” ACM Transactions on Information and Systems Security 10(3) (2007) to appear.

[21] A. C. Squicciarini, E. Bertino, E. Ferrari, and I. Ray, “Achieving Privacy in Trust Negotiations with an Ontology-Based Approach,” IEEE Transactions on Dependable and Secure Computing 3(1) (2006): 13–30.

[22] A. C. Squicciarini, A. Trombetta, and E. Bertino, “K-Anonymity-Based Trust Negotiations,” Submitted to 9th International Conference on Information and Communications Security, Zhengzhou, China, 12–15 December, 2007.

[23] A. C. Squicciarini, A. Trombetta, and E. Bertino, “Supporting Robust and Secure Interactions in Open Domains through Recovery of Trust Negotiations,” in 27th IEEE International Conference on Distributed Computing Systems (ICDCS 2007), Toronto, Canada, 2007, p. 57.

[24] A. Bhargav-Spantzel, A. C. Squicciarini, and E. Bertino, “Integrating Federated Digital Identity Management and Trust Negotiation,” IEEE Security & Privacy 5(2) (2007): 55–64.

[25] R. Bhatti, A. Ghafoor, E. Bertino, and J.B.D. Joshi, “X-GTRBAC: An XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control,” ACM Transactions on Information and Systems Security 8(2) (2005): 187–227.

[26] Open GIS Consortium, “Open GIS Simple Features Specification for SQL,” Open GIS Consortium Revision 1.1, 1999.

[27] Internet2/MACE, “Shibboleth Project Homepage,” at http://www.shibboleth.internet2.edu.

[28] Eclipse Foundation, “Higgins Trust Framework Project Homepage,” at http://www.eclipse.org/higgins.

[29] K. Cameron, “Windows CardSpace Design Rationale,” at http://www.identityblog.com.

[30] OpenID Community, “OpenID Project Wiki,” at http://www.openid.net/wiki/index.php/MainPage.

[31] J. Camenisch and E. V. Herreweghen, “Design and Implementation of the Idemix Anonymous Credential System,” Proceedings of the 9th ACM Conference on Computer and Communications Security (Washington, DC: ACM Press, 2002), 21–30.

[32] R. Xue, A. Bhargav-Spantzel, A. C. Squicciarini, and E. Bertino, “Efficient Identity Theft Prevention Using Aggregated Proof of Knowledge,” ACM Transactions on Information and System Security (in press).
