Synonyms
Related Concepts
Attribute-Based Access Control; Digital Credentials; Trust Negotiation
Definition
Trust management refers to the process of deciding whether the execution of a requested action is authorized by the combination of a local security policy and digitally signed assertions issued by trusted remote parties.
Background
The trust management problem was first described in 1996 by Blaze, Feigenbaum, and Lacy in their seminal paper “Decentralized Trust Management” [5]:
It is our thesis that a coherent intellectual framework is needed for the study of security policies, security credentials, and trust relationships. We refer collectively to these components of network services as the trust management problem.
The key observation made in this paper is that the growth of networked applications has fundamentally altered the information needed to make informed authorization decisions in computing systems. Rather than relying solely on the local...
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Recommended Reading
Appel AW, Felten EW (1999) Proof-carrying authentication. In: Proceedings of the sixth ACM conference on computer and communications security, Singapore, ACM, 1999, pp 52–62
Bauer L, Garriss S, Reiter MK (2005) Distributed proving in access-control systems. In: Proceedings of the IEEE symposium on security and privacy, Oakland, IEEE, 2005, pp 81–95
Becker MY, Sewell P (2004) Cassandra: distributed access control policies with tunable expressiveness. In: Proceedings of the fifth IEEE international workshop on policies for distributed systems and networks, Yorktown Heights, IEEE, 2004, pp 159–168
Becker MY, Fournet C, Gordon AD (2007) Design and semantics of a decentralized authorization language. In: Proceedings of the 20th IEEE computer security foundations symposium, Venice, Italy, IEEE, 2007, pp 3–15
Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: Proceedings of the IEEE symposium on security and privacy, Oakland, IEEE, 1996, pp 164–173
Ceri S, Gottlob G, Tanca L (1989) What you always wanted to know about Datalog (and never dared to ask). IEEE Trans Knowl Data Eng 1(1):146–166
Li N, Mitchell JC (2003) Datalog with constraints: a foundation for trust management languages. In: Proceedings of the fifth international symposium on practical aspects of declarative languages, New Orleans, Springer, 2003, pp 58–73
Li N, Mitchell JC, Winsborough WH (2002) Design of a role-based trust-management framework. In: Proceedings of the IEEE symposium on security and privacy, Oakland, IEEE, 2002, pp 114–130
Li N, Winsborough WH, Mitchell JC (2003) Distributed credential chain discovery in trust management. J Comput Secur 11(1):35–86
Yu T, Winslett M, Seamons KE (2003) Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans Inf Syst Secur 6(1):1–42
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Wongchaowart, B., Lee, A.J. (2011). Trust Management. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_832
Download citation
DOI: https://doi.org/10.1007/978-1-4419-5906-5_832
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer ScienceReference Module Computer Science and Engineering