Session 2
Monday, May 27, 1996
2:30 PM
Managing Trust in Large Networks
The speaker will identify the ``trust management problem'' as a
distinct and important component of security in network services.
Aspects of the trust management problem include formulating
security policies and security credentials, determining whether
particular sets of credentials satisfy the relevant policies, and
specifying and deferring trust to third parties. Existing
systems that support security in networked applications,
including X.509 and PGP, address only narrow subsets of the
overall trust management problem and often do so in a manner that
is appropriate to only one application. This paper presents a
comprehensive approach to trust management, based on a simple
language for specifying trusted actions and trust relationships.
It also describes a prototype implementation of a new ``trust
management system,'' called ``PolicyMaker,'' that will facilitate
the development of security features in a wide range of network
services. (Joint work with Matt Blaze and Jack Lacy.)
Joan Feigenbaum
AT&T Research
2/6/96