REFEREE: trust management for Web applications

Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipula...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 1997-09, Vol.29 (8), p.953-964
Hauptverfasser:	Chu, Yang-Hua, Feigenbaum, Joan, LaMacchia, Brian, Resnick, Paul, Strauss, Martin
Format:	Artikel
Sprache:	eng
Schlagworte:	Applied sciences Computer security Cybersecurity Data encryption Digital signatures Exact sciences and technology Interconnected networks Network security Networks and services in france and abroad Policy evaluation Policy making REFEREE Studies Telecommunications Telecommunications and information theory Teleprocessing networks. Isdn Trust management World Wide Web
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	964
container_issue	8
container_start_page	953
container_title	Computer networks (Amsterdam, Netherlands : 1999)
container_volume	29
creator	Chu, Yang-Hua Feigenbaum, Joan LaMacchia, Brian Resnick, Paul Strauss, Martin
description	Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applications; REFEREE provides both a general policy-evaluation mechanism for Web clients and servers and a language for specifying trust policies. REFEREE places all trust decisions under explicit policy control; in the REFEREE model, every action, including evaluation of compliance with policy, happens under the control of some policy. That is, REFEREE is a system for writing policies about policies, as well as policies about cryptographic keys, PICS label bureaus, certification authorities, trust delegation, or anything else. In this paper, we flesh out the need for trust management in Web applications, explain the design philosophy of the REFEREE trust management system, and describe a prototype implementation of REFEREE.
doi_str_mv	10.1016/S0169-7552(97)00009-3
format	Article
fullrecord	<record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_57449338</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0169755297000093</els_id><sourcerecordid>57449338</sourcerecordid><originalsourceid>FETCH-LOGICAL-c446t-45f0bdf0f63100f73d6b121cd5458bed52d0c7671cf867c498e5da354a3af3b23</originalsourceid><addsrcrecordid>eNqFkE1LxDAQhoMouK7-BKGIiB66Jk3SNF5Elq4KC8KqeAxpPiRLv0xawX9vu7vswYtzmLk8887wAHCO4AxBlN6-Do3HjNLkmrMbOBSP8QGYoIwlMYMpPwSTPXIMTkJYDwxCjE_AbJUv8lWe30Wd70MXVbKWn6YydRfZxkcfpohk25ZOyc41dTgFR1aWwZzt5hS8L_K3-VO8fHl8nj8sY0VI2sWEWlhoC22KEYSWYZ0WKEFKU0KzwmiaaKhYypCyWcoU4ZmhWmJKJJYWFwmegqttbuubr96ETlQuKFOWsjZNHwRlhHCMswG8-AOum97Xw28CcZ5insExjW4h5ZsQvLGi9a6S_kcgKEaFYqNQjH4EZ2KjUOBh73IXLoOSpfWyVi7slxMEM8JG7H6LmcHItzNeBOVMrYx23qhO6Mb9c-gXP4WCrg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>199639802</pqid></control><display><type>article</type><title>REFEREE: trust management for Web applications</title><source>Alma/SFX Local Collection</source><creator>Chu, Yang-Hua ; Feigenbaum, Joan ; LaMacchia, Brian ; Resnick, Paul ; Strauss, Martin</creator><creatorcontrib>Chu, Yang-Hua ; Feigenbaum, Joan ; LaMacchia, Brian ; Resnick, Paul ; Strauss, Martin</creatorcontrib><description>Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applications; REFEREE provides both a general policy-evaluation mechanism for Web clients and servers and a language for specifying trust policies. REFEREE places all trust decisions under explicit policy control; in the REFEREE model, every action, including evaluation of compliance with policy, happens under the control of some policy. That is, REFEREE is a system for writing policies about policies, as well as policies about cryptographic keys, PICS label bureaus, certification authorities, trust delegation, or anything else. In this paper, we flesh out the need for trust management in Web applications, explain the design philosophy of the REFEREE trust management system, and describe a prototype implementation of REFEREE.</description><identifier>ISSN: 0169-7552</identifier><identifier>ISSN: 1389-1286</identifier><identifier>EISSN: 1872-7069</identifier><identifier>DOI: 10.1016/S0169-7552(97)00009-3</identifier><identifier>CODEN: CNISE9</identifier><language>eng</language><publisher>Amsterdam: Elsevier B.V</publisher><subject>Applied sciences ; Computer security ; Cybersecurity ; Data encryption ; Digital signatures ; Exact sciences and technology ; Interconnected networks ; Network security ; Networks and services in france and abroad ; Policy evaluation ; Policy making ; REFEREE ; Studies ; Telecommunications ; Telecommunications and information theory ; Teleprocessing networks. Isdn ; Trust management ; World Wide Web</subject><ispartof>Computer networks (Amsterdam, Netherlands : 1999), 1997-09, Vol.29 (8), p.953-964</ispartof><rights>1997</rights><rights>1998 INIST-CNRS</rights><rights>Copyright Elsevier Sequoia S.A. Sep 1997</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c446t-45f0bdf0f63100f73d6b121cd5458bed52d0c7671cf867c498e5da354a3af3b23</citedby><cites>FETCH-LOGICAL-c446t-45f0bdf0f63100f73d6b121cd5458bed52d0c7671cf867c498e5da354a3af3b23</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>309,310,314,776,780,785,786,23909,23910,25118,27901,27902</link.rule.ids><backlink>$$Uhttp://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=2108473$$DView record in Pascal Francis$$Hfree_for_read</backlink></links><search><creatorcontrib>Chu, Yang-Hua</creatorcontrib><creatorcontrib>Feigenbaum, Joan</creatorcontrib><creatorcontrib>LaMacchia, Brian</creatorcontrib><creatorcontrib>Resnick, Paul</creatorcontrib><creatorcontrib>Strauss, Martin</creatorcontrib><title>REFEREE: trust management for Web applications</title><title>Computer networks (Amsterdam, Netherlands : 1999)</title><description>Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applications; REFEREE provides both a general policy-evaluation mechanism for Web clients and servers and a language for specifying trust policies. REFEREE places all trust decisions under explicit policy control; in the REFEREE model, every action, including evaluation of compliance with policy, happens under the control of some policy. That is, REFEREE is a system for writing policies about policies, as well as policies about cryptographic keys, PICS label bureaus, certification authorities, trust delegation, or anything else. In this paper, we flesh out the need for trust management in Web applications, explain the design philosophy of the REFEREE trust management system, and describe a prototype implementation of REFEREE.</description><subject>Applied sciences</subject><subject>Computer security</subject><subject>Cybersecurity</subject><subject>Data encryption</subject><subject>Digital signatures</subject><subject>Exact sciences and technology</subject><subject>Interconnected networks</subject><subject>Network security</subject><subject>Networks and services in france and abroad</subject><subject>Policy evaluation</subject><subject>Policy making</subject><subject>REFEREE</subject><subject>Studies</subject><subject>Telecommunications</subject><subject>Telecommunications and information theory</subject><subject>Teleprocessing networks. Isdn</subject><subject>Trust management</subject><subject>World Wide Web</subject><issn>0169-7552</issn><issn>1389-1286</issn><issn>1872-7069</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>1997</creationdate><recordtype>article</recordtype><recordid>eNqFkE1LxDAQhoMouK7-BKGIiB66Jk3SNF5Elq4KC8KqeAxpPiRLv0xawX9vu7vswYtzmLk8887wAHCO4AxBlN6-Do3HjNLkmrMbOBSP8QGYoIwlMYMpPwSTPXIMTkJYDwxCjE_AbJUv8lWe30Wd70MXVbKWn6YydRfZxkcfpohk25ZOyc41dTgFR1aWwZzt5hS8L_K3-VO8fHl8nj8sY0VI2sWEWlhoC22KEYSWYZ0WKEFKU0KzwmiaaKhYypCyWcoU4ZmhWmJKJJYWFwmegqttbuubr96ETlQuKFOWsjZNHwRlhHCMswG8-AOum97Xw28CcZ5insExjW4h5ZsQvLGi9a6S_kcgKEaFYqNQjH4EZ2KjUOBh73IXLoOSpfWyVi7slxMEM8JG7H6LmcHItzNeBOVMrYx23qhO6Mb9c-gXP4WCrg</recordid><startdate>19970901</startdate><enddate>19970901</enddate><creator>Chu, Yang-Hua</creator><creator>Feigenbaum, Joan</creator><creator>LaMacchia, Brian</creator><creator>Resnick, Paul</creator><creator>Strauss, Martin</creator><general>Elsevier B.V</general><general>Elsevier Science</general><general>Elsevier Sequoia S.A</general><scope>IQODW</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>E3H</scope><scope>F2A</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>19970901</creationdate><title>REFEREE: trust management for Web applications</title><author>Chu, Yang-Hua ; Feigenbaum, Joan ; LaMacchia, Brian ; Resnick, Paul ; Strauss, Martin</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c446t-45f0bdf0f63100f73d6b121cd5458bed52d0c7671cf867c498e5da354a3af3b23</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>1997</creationdate><topic>Applied sciences</topic><topic>Computer security</topic><topic>Cybersecurity</topic><topic>Data encryption</topic><topic>Digital signatures</topic><topic>Exact sciences and technology</topic><topic>Interconnected networks</topic><topic>Network security</topic><topic>Networks and services in france and abroad</topic><topic>Policy evaluation</topic><topic>Policy making</topic><topic>REFEREE</topic><topic>Studies</topic><topic>Telecommunications</topic><topic>Telecommunications and information theory</topic><topic>Teleprocessing networks. Isdn</topic><topic>Trust management</topic><topic>World Wide Web</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Chu, Yang-Hua</creatorcontrib><creatorcontrib>Feigenbaum, Joan</creatorcontrib><creatorcontrib>LaMacchia, Brian</creatorcontrib><creatorcontrib>Resnick, Paul</creatorcontrib><creatorcontrib>Strauss, Martin</creatorcontrib><collection>Pascal-Francis</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Library & Information Sciences Abstracts (LISA)</collection><collection>Library & Information Science Abstracts (LISA)</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Chu, Yang-Hua</au><au>Feigenbaum, Joan</au><au>LaMacchia, Brian</au><au>Resnick, Paul</au><au>Strauss, Martin</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>REFEREE: trust management for Web applications</atitle><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle><date>1997-09-01</date><risdate>1997</risdate><volume>29</volume><issue>8</issue><spage>953</spage><epage>964</epage><pages>953-964</pages><issn>0169-7552</issn><issn>1389-1286</issn><eissn>1872-7069</eissn><coden>CNISE9</coden><abstract>Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applications; REFEREE provides both a general policy-evaluation mechanism for Web clients and servers and a language for specifying trust policies. REFEREE places all trust decisions under explicit policy control; in the REFEREE model, every action, including evaluation of compliance with policy, happens under the control of some policy. That is, REFEREE is a system for writing policies about policies, as well as policies about cryptographic keys, PICS label bureaus, certification authorities, trust delegation, or anything else. In this paper, we flesh out the need for trust management in Web applications, explain the design philosophy of the REFEREE trust management system, and describe a prototype implementation of REFEREE.</abstract><cop>Amsterdam</cop><pub>Elsevier B.V</pub><doi>10.1016/S0169-7552(97)00009-3</doi><tpages>12</tpages></addata></record>
fulltext	fulltext
identifier	ISSN: 0169-7552
ispartof	Computer networks (Amsterdam, Netherlands : 1999), 1997-09, Vol.29 (8), p.953-964
issn	0169-7552 1389-1286 1872-7069
language	eng
recordid	cdi_proquest_miscellaneous_57449338
source	Alma/SFX Local Collection
subjects	Applied sciences Computer security Cybersecurity Data encryption Digital signatures Exact sciences and technology Interconnected networks Network security Networks and services in france and abroad Policy evaluation Policy making REFEREE Studies Telecommunications Telecommunications and information theory Teleprocessing networks. Isdn Trust management World Wide Web
title	REFEREE: trust management for Web applications
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-05T13%3A58%3A06IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=REFEREE:%20trust%20management%20for%20Web%20applications&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Chu,%20Yang-Hua&rft.date=1997-09-01&rft.volume=29&rft.issue=8&rft.spage=953&rft.epage=964&rft.pages=953-964&rft.issn=0169-7552&rft.eissn=1872-7069&rft.coden=CNISE9&rft_id=info:doi/10.1016/S0169-7552(97)00009-3&rft_dat=%3Cproquest_cross%3E57449338%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=199639802&rft_id=info:pmid/&rft_els_id=S0169755297000093&rfr_iscdi=true