Adam Rifkin and I would like to offer a heads-up that we have completed
a survey paper, "Weaving a Web of Trust", to appear in the Summer issue of
the Web Journal. It is an introductory survey of what I have learned about
trusted systems on the Web in two years at the Web Consortium.
http://www.cs.caltech.edu/~adam/LOCAL/trust.html
The paper is in production copyediting at this point (~35pp), so this
is not a formal call for review, but any and all comments would be
appreciated.
We would also appreciate comments on directions this project could
take: as a standalone article, a conference paper, perhaps even edited
into an academic journal paper.
Our apologies in advance for the bulk mailing; I have sent this notice
to you as 1) an Acknowledgee for your contribution to our
understanding of Trust Management 2) a professional colleague I
mentioned this project to and/or 3) a coworker at MCI, UCI, or W3C.
Sincerely,
Rohit Khare
khare@alumni.caltech.edu
(Adam Rifkin)
adam@cs.caltech.edu
----------------------------------------------------------------------------
The abstract:
> To date, "World Wide Web Security" has been publicly associated with
> debates over cryptographic technology, protocols, and public policy.
> This narrow focus can obscure the wider challenge of building trusted
> Web applications. Since the Web aims to be an information space that
> reflects not just human knowledge but also human relationships, it will
> soon reflect the full complexity of trust relationships among people,
> computers, and organizations. Within the computer security community,
> Trust Management has emerged as a new philosophy for protecting open,
> decentralized systems, in contrast to traditional tools for securing
> closed systems. Trust Management is an essential approach, because the
> Web crosses many trust boundaries that old-school computer security
> cannot even begin to handle.
>
> In this paper, we consider how this philosophy could be applied to the
> Web. We introduce the fundamental principles, principals, and policies
> of Trust Management, as well as Web-specific pragmatic issues. In so
> doing, we develop a taxonomy for how trust assertions can be specified,
> justified, and validated. We demonstrate the value of this framework by
> considering the trust questions faced by the designers of applications
> for secure document distribution, content filtering, electronic
> commerce, and downloadable-code systems. We conclude by sketching the
> limits to automatable Trust Management, demonstrating how trust on the
> Web will adapt to the trust rules of human communities and vice versa.
----
adam@cs.caltech.edu
You two need to work on trust. Only then will there be a free exchange
of sex and discounts.
-- Jerry Seinfeld on "Seinfeld"