Trust negotiation is a term that applies to the way sensitive information is shared between two or more parties over the Internet. The growth of the World Wide Web has made it relatively easy for people from different corners of the globe to reach out to people they do not even know. Before they can share sensitive information with each other, a certain level of trust has to be established through the process of trust negotiation.
The whole aim of a trust negotiation is to establish some order in which the manner of information is shared over the World Wide Web. The Web is an open system with limited tools to control the way in which strangers share and access sensitive information. Trust negotiations seek to limit this leakage of information through several steps that serve to establish and identify others in open systems with the aim of verifying information and building trust before any serious interactions can occur.
The establishment of trust between two strangers is bi-directional, meaning that the two parties are often unwilling to share any sensitive information until both parties have proved their trustworthiness through the trust negotiation process. Examples of places on the Web where trust negotiation is vital include Web sites on financial services, health services and even social services.
For instance, a person trying to gain access to an online bank account will have to go through the trust negotiation process with the bank's server before establishing that the bank account belongs to him or her. Usually, the way to establish this trust is by providing digital credentials, which is a two-way affair between the account holder and the bank's server. The account holder initiates the trust negotiations by going to the bank’s Web site and giving his or her username. The server will verify this information before going to another page where the account holder can verify a predetermined symbol associated with the account to prove that the Web site is legitimate.
By this stage a bi-directional trust negotiation has occurred, and the account holder can fill in his or her password to establish identity as the account owner. If the password is correct, the account holder will be allowed access to the account so that the real interaction can occur. Some Web sites even go as far as storing information regarding the account owner's primary computer and will require additional information if he or she tries to access the account from a different computer. This is simply another level added to the sequence for establishing trust and a simple illustration to help understand the concept of trust negotiation.