Author
Yang-Hua Chu,Joan Feigenbaum,Brian LaMacchia,Paul Resnick,Martin Strauss
Abstract
Digital signatures provide a mechanism for guaranteeing integrity and authenticity
of Web content but not more general notions of security or trust. Web-aware
applications must permit users to state clearly their own security policies and,
of course, must provide the cryptographic tools for manipulating digital signatures.
This paper describes the REFEREE trust management system for Web applications;
REFEREE provides both a general policy-evaluation mechanism for Web clients and
servers and a language for specifying trust policies. REFEREE places all trust
decisions under explicit policy control; in the REFEREE model, every action,
including evaluation of compliance with policy, happens under the control of
some policy. That is, REFEREE is a system for writing policies about policies,
as well as policies about cryptographic keys, PICS label bureaus, cerification
authorities, trust delegation, or anything else.
In this paper, we flesh out the need for 'trust management' in Web applications,
explain the design philosophy of the REFEREE trust management system, and
describe a prototype implementation of REFEREE.