Trust enhanced distributed authorisation for web services

•We propose trust enhanced authorisation architecture for distributed web services.•We develop a hybrid trust model incorporating both ‘hard’ and ‘soft’ trusts.•We illustrate a practical implementation for securing distributed applications.•Our approach enhances secure decision making with dynamic security threats.

In this paper, we propose a trust enhanced distributed authorisation architecture (TEDA) that provides a holistic framework for authorisation taking into account the state of a user platform. The model encompasses the notions of ‘hard’ and ‘soft’ trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the overall model and then describe our hybrid model with ‘hard’ and ‘soft’ trust components, followed by a description of the system architecture. We then illustrate our implementation of the proposed architecture in the context of authorisation for web services. We discuss the results and demonstrate that such a trust enhanced approach could enable better authorisation decision making, especially in a distributed environment where user platforms are subject to dynamic security threats.