Session 2
Monday, May 27, 1996
2:30 PM

Managing Trust in Large Networks

The speaker will identify the ``trust management problem'' as a distinct and important component of security in network services. Aspects of the trust management problem include formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and specifying and deferring trust to third parties. Existing systems that support security in networked applications, including X.509 and PGP, address only narrow subsets of the overall trust management problem and often do so in a manner that is appropriate to only one application. This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships. It also describes a prototype implementation of a new ``trust management system,'' called ``PolicyMaker,'' that will facilitate the development of security features in a wide range of network services. (Joint work with Matt Blaze and Jack Lacy.)

Joan Feigenbaum
AT&T Research