PICS allows rating systems to define scales for describing content, and for many rating services to label resources with their evaluations. This allows labels to be provided by authors or by third parties and to be presented with the content or from separate label bureaus. User agents can dynamically construct user interfaces to represent labels and constraints on acceptable ratings. When the resulting decisions are broadened from "show/don't show this page to the user", one can imagine:
"execute any code from SoftwarePublisher, Inc."
"execute any code above 3/5 on the InfoWeek quality scale"
"trust any identity certificate above Class 2 from VeriCert"
"highlight documents labelled 'true' by their signers"
We present this system in the context of several near-term industrial scenarios: evaluating and executing programs ("applets"), configuring acceptable certification authorities, and distributing signed documents. In each case, PICS offers a flexible, user-configurable mechanism for specific trust management applications.
Open issues to be discussed include:
Interaction with Public Key Infrastructures
Cryptographic formats and capabilities
Evolution of PICS rating syntax (currently rational numbers)
Embedding PICS labels within certificates (X.509, SDSI)
This talk is based on work done at the World Wide Web Consortium with its Digital Signature Initiative Group and Security Editorial Review Board.
For more information, contact khare@w3.org.