In this talk, we will explain our general approach to the problem and our "trust management system," called PolicyMaker.
Key ideas that inform our approach include:
Unified mechanism: Policies, credentials, and trust relationships are expressed as programs in a simple programming language. Existing systems are forced to treat these concepts separately. By providing a common language for policies, credentials, and relationships, we make it possible for diverse network applications to handle trust management in a comprehensive and largely transparent manner.
Separation of mechanism from policy: The mechanism for verifying credentials does not depend on the credentials themselves or the semantics of the applications that use them. This allows many different applications with widely varying policy requirements to share a single certificate verification infrastructure.
Flexibility: Our system is expressively rich enough to support the complex trust relationships that can occur in the very large-scale network applications currently being developed. At the same time, simple and standard policies, credentials, and relationships can be expressed succinctly and comprehensibly. In particular, PGP and X.509 "certificates" need only trivial modifications to be usable in our framework.
Locality of control: Each party in the network can decide in each circumstance whether to accept the credentials presented by a second party or, alternatively, on which third party it should rely for the appropriate "certificate."
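A toy illustration of the unified-mechanism, separation, and locality ideas above, added here as an example; it is not PolicyMaker's language or code. The `Assertion` class, the `complies` function, the key names, and the sample assertions are all constructed for illustration, and credential signatures are assumed to have been verified before the engine sees them.

```python
from dataclasses import dataclass
from typing import Callable

POLICY = "POLICY"  # local root of trust: only the verifying party writes these

@dataclass(frozen=True)
class Assertion:
    """Policy or credential, same shape: source trusts subject for some actions."""
    source: str                     # POLICY, or the key that signed a credential
    subject: str                    # key being granted trust
    filter: Callable[[dict], bool]  # program deciding which actions are covered

def complies(assertions, requester, action):
    """Application-independent engine: is there a chain POLICY -> ... -> requester
    in which every assertion's filter accepts this action?"""
    trusted = {POLICY}
    changed = True
    while changed:                  # iterate to a fixed point
        changed = False
        for a in assertions:
            if a.source in trusted and a.subject not in trusted and a.filter(action):
                trusted.add(a.subject)
                changed = True
    return requester in trusted

# Constructed sample data (hypothetical key names). Credentials are assumed to
# have had their signatures verified before being handed to the engine.
CREDS = [
    Assertion("ca_key", "alice_key", lambda a: a.get("sender") == "alice@example.org"),
    Assertion("other_ca_key", "bob_key", lambda a: True),
]
# Two parties with different local policies evaluate the same credentials.
POLICY_A = [Assertion(POLICY, "ca_key", lambda a: a.get("app") == "email")]
POLICY_B = [Assertion(POLICY, "other_ca_key", lambda a: True)]

if __name__ == "__main__":
    mail = {"app": "email", "sender": "alice@example.org"}
    print(complies(POLICY_A + CREDS, "alice_key", mail))
    print(complies(POLICY_A + CREDS, "alice_key", {**mail, "app": "licensing"}))
    print(complies(POLICY_A + CREDS, "bob_key", mail))
    print(complies(POLICY_B + CREDS, "bob_key", mail))
```

The engine never inspects what an action means; only the filters do, so the same `complies` function serves any application, and swapping `POLICY_A` for `POLICY_B` changes the outcome without touching the credentials.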
PolicyMaker is now being used to manage trust in several applications, including email, electronic licensing, and Internet content-labelling.
[BFL] M. Blaze, J. Feigenbaum, and J. Lacy, "Decentralized Trust Management," IEEE Symposium on Security and Privacy, Oakland CA, May 1996.
For more information, contact: {mab,jf,lacy}@research.att.com.