This paper is included in the First Monday Special Issue: Commercial Applications of the Internet, published in July 2006. For author reflections on this paper, visit the Special Issue.
As once-proprietary mission-specific information systems migrate onto the Web, traditional security analysis cannot sufficiently protect each subsystem atomically. The Web encourages open, decentralized systems that span multiple administrative domains. Trust Management (TM) is an emerging framework for decentralizing security decisions that helps developers and others in asking "why" trust is granted rather than immediately focusing on "how" cryptography can enforce it.
In this paper, we recap the basic elements of Trust Management: principles, principals, and policies. We present pragmatic details of Web-based TM technology for identifying principals, labeling resources, and enforcing policies. We sketch how TM might be integrated into Web applications for document authoring and distribution, content filtering, and mobile code security. Finally, we measure today's Web protocols, servers, and clients against this model, culminating in a call for stakeholders' support in bringing automatable TM to the Web.
A Model Checking-Based Security Analysis Framework for IoT Systems
