Practical extensions of trust management credentials

Abstract

Trust management is a unified approach to access control in open distributed systems, where decisions connected with access control are based on policy statements made by many principals. The family of Role-based Trust management languages (RT) is an effective means for representing security policies, credentials and relationship in distributed, decentralized, large scale access control systems. It delivers a set of role assignment credentials and is used in systems where the identities of users are not the most important form of identification. A credential gives information about the privileges of users and the security policies issued by (usually more than one) trusted authorities. The main purpose of this article is to show how some credential extensions can make a trust management system more useful in practice. It shows how security systems can be made more realistic by maintaining the procedure or including timing information.