Abstract | This paper introduces xTrust, a general purpose security framework that supports a wide range of applications and security mechanisms in a way that makes trust highly visible. It provides basic services for identifying paths between peers that are trusted for specific purposes, and for utilizing those paths for the trustworthy exchange of information. The design of the system is based on four general principles: (1) trust is always dependent on context; (2) trust relationships are defined by people, not applications, so trust should be dealt with separately from applications; (3) trust relationships are defined using local semantics; and (4) trust, when it exists, is absolute in that information from a trusted party is accepted without question. |
---|