[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"trust management" vs. "certified identity"



The discussions here of the limits of PGP's certification and
revocation model are close to the core of some work I've been doing
(with Joan Feigenbaum and Jack Lacy) on what we call the "trust
management" problem.

Essentially we consider the consequences of abandoning the notion
of "certified identity" implicit in systems like X.509 and PGP and
subsuming identity under the more general umbrella of specifying
and determining what a key is trusted to do.

We've built a system, called "PolicyMaker", that allows the certifier
of a key to specify what the key is trusted to do rather than to
whom the key is trusted to belong.  The same mechanism is also used
to specify and interpret local policies.  The PolicyMaker system
is designed to be called as a service by local applications,
which could be email systems like PGP or network-layer security
protocols or any other application that requires complex trust
relationships.

Some early, local experience suggests that this approach is a good
one.  It's easy to specify X.509- and PGP-style policies and
certificates, but you can also say things like "valid for transactions
over $500 only if countersigned" in a fairly natural way.

I'll be happy to send a (very early) draft of our paper, "Decentralized
trust management" to anyone who's interested.  I've made the draft
available in the CFS-users email archive server.  To request a copy
(PostScript format) by email:
   echo get cfs-users pmdraft.ps | mail [email protected]
(For non-unix shell people, just send a message to
	[email protected]
With the line:
	get cfs-users pmdraft.ps
in the BODY of the message (NOT on the subject line).)

Comments and discussion appreciated.

This is an early draft, and I'd appreciate it if it not be directly
quoted, cited, or re-distributed.

-matt

PS  We expect to give away our reference implementation, too.  (Probably
by May or so.)  Note that this is just research, and does not represent
any current, past, or future product or service offering on the part
of AT&T or anyone else.