Abstract
Emerging electronic commerce services that use public-key cryptography on a mass-market scale require sophisticated mechanisms for managing trust. For example, any service that receives a signed request for action is forced to answer the central question “Is the key used to sign this request authorized to take this action?” In some services, this question reduces to “Does this key belong to this person?” In others, the authorization question is more complicated, and resolving it requires techniques for formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Information Technology-Open Systems Interconnection — The Directory:Authentication Framework, Recommendation X.509, ISO/IEC 9594-8.
International Telegraph and Telephone Consultative Committee (CCITT). The Directory-Authentication Framework, Recommendation X.509 1993 update.
M. Blaze, J. Feigenbaum, and A. Keromytis, The KeyNote Trust Management System, work in progress. Internet Draft, March 1998, http://www.cis.upenn.edu/~angelos/draft-angelos-spki-keynote.txt.gz.
M. Blaze, J. Feigenbaum, and J. Lacy, Decentralized Trust Management, in Proceedings of the Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, 1996, pp. 164–173.
M. Blaze, J. Feigenbaum, P. Resnick, and M. Strauss, Managing Trust in an Information-Labeling System, European Transactions on Telecommunications, 8 (1997), pp. 491–501. (Special issue of selected papers from the 1996 Amalfi Conference on Secure Communication in Networks.)
M. Blaze, J. Feigenbaum, and M. Strauss, Compliance-Checking in the Policy-Maker Trust Management System, in Proceedings of the 2nd Financial Cryptography Conference, Lecture Notes in Computer Science, Springer, Berlin, 1998, to appear. Available in preprint form as AT&T Technical Report 98.3.2, http://www.research.att.com/library/trs/TRs/98/98.3/98.3.2.body.ps.
Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss, REFEREE: Trust Management for Web Applications, World Wide Web Journal, 2 (1997), pp. 127–139. (Reprinted from Proceedings of the 6th International World Wide Web Conference, World Wide Web Consortium, Cambridge, 1997, pp. 227–238.)
C. Ellison, A Simple Public-Key Infrastructure, http://www.clark.net/pub/cme/html/spki.html.
J. Lacy, D. P. Maher, and J. H. Snyder, Music on the Internet and the Intellectual Property Protection Problem, in Proceedings of the International Symposium on Industrial Electronics, IEEE Press, New York, 1997, pp. SS77–83.
R. Levien, L. McCarthy, and M. Blaze, Transparent Internet E-mail Security, http://www.cs.umass.edu/~lmccarth/crypto/papers/email.ps
P. Resnick and J. Miller, PICS: Internet Access Controls Without Censorship, Communications of the ACM, October 1996, pp. 87–93.
R. Rivest and B. Lampson, SDSI: A Simple Distributed Security Infrastructure, http://theory.lcs.mit.edu/~rivest/sdsi11.html.
P. Zimmermann, PGP User’s Guide, MIT Press, Cambridge, 1994.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Feigenbaum, J. (1998). Overview of the AT&T Labs Trust-Management Project. In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds) Security Protocols. Security Protocols 1998. Lecture Notes in Computer Science, vol 1550. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49135-X_7
Download citation
DOI: https://doi.org/10.1007/3-540-49135-X_7
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65663-0
Online ISBN: 978-3-540-49135-4
eBook Packages: Springer Book Archive