REFEREE: Trust Management for Web Applications

Get BibTex-formatted data

Author

Yang-Hua Chu,Joan Feigenbaum,Brian LaMacchia,Paul Resnick,Martin Strauss

Entry type

techreport

Abstract

Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applications; REFEREE provides both a general policy-evaluation mechanism for Web clients and servers and a language for specifying trust policies. REFEREE places all trust decisions under explicit policy control; in the REFEREE model, every action, including evaluation of compliance with policy, happens under the control of some policy. That is, REFEREE is a system for writing policies about policies, as well as policies about cryptographic keys, PICS label bureaus, cerification authorities, trust delegation, or anything else. In this paper, we flesh out the need for 'trust management' in Web applications, explain the design philosophy of the REFEREE trust management system, and describe a prototype implementation of REFEREE.

URL

http://www.sciencedirect.com/s ... 4e80ef58ab21f63e1ea816524

Key alpha

Chu

Publication Date

2001-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Chu,
	title = "REFEREE: Trust Management for Web Applications",
	author = "Yang-Hua Chu,Joan Feigenbaum,Brian LaMacchia,Paul Resnick,Martin Strauss",
	abstract = "Digital signatures provide a mechanism for guaranteeing integrity and authenticity
of Web content but not more general notions of security or trust. Web-aware
applications must permit users to state clearly their own security policies and,
of course, must provide the cryptographic tools for manipulating digital signatures.
This paper describes the REFEREE trust management system for Web applications;
REFEREE provides both a general policy-evaluation mechanism for Web clients and
servers and a language for specifying trust policies. REFEREE places all trust
decisions under explicit policy control; in the REFEREE model, every action,
including evaluation of compliance with policy, happens under the control of
some policy. That is, REFEREE is a system for writing policies about policies,
as well as policies about cryptographic keys, PICS label bureaus, cerification
authorities, trust delegation, or anything else.
In this paper, we flesh out the need for 'trust management' in Web applications,
explain the design philosophy of the REFEREE trust management system, and
describe a prototype implementation of REFEREE.",
	url = "http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6TYT-3SP60S4-B&_user=29441&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000003858&_version=1&_urlVersion=0&_userid=29441&md5=a940a824e80ef58ab21f63e1ea816524",
}