Abstract
As once-proprietary mission-specific information systems migrate
onto the Web, traditional security analysis cannot sufficiently
protect each subsystem atomically. The Web encourages open,
decentralized systems that span multiple administrative domains.
Trust Management (TM) is an emerging framework for decentralizing
security decisions that helps developers and others in asking
``why'' trust is granted rather than immediately focusing on ``how'' cryptography can enforce it. \\ In this paper, we recap the basic
elements of Trust Management: principles, principals, and
policies. We present pragmatic details of Web-based TM technology
for identifying principals, labeling resources, and enforcing
policies. We sketch how TM might be integrated into Web
applications for document authoring and distribution, content
filtering, and mobile code security. Finally, we measure today's
Web protocols, servers, and clients against this model,
culminating in a call for stakeholders' support in bringing
automatable TM to the Web.
Links and resources
Tags