Interactive access control allows a server to compute and communicate on the fly the missing credentials to a client and to adapt its responses on the basis of presented and declined credentials. Yet, it may disclose too much information on which credentials a client needs. Automated trust negotiation allows for a controlled disclosure on which credentials a client has during a mutual disclosure process. Yet, it requires prearranged policies and sophisticated strategies. How do we bootstrap from simple security policies a comprehensive interactive trust management and negotiation scheme that combines the best of both worlds without their limitations? This is the subject of the present paper.