Title: Security and Trust in Cyberspace
Abstract: The Internet provides inexpensive, ubiquitous and global communication and commerce. This opens dramatic new opportunities for more efficient markets, production and distribution. Establishing trust in new potential partners becomes essential and difficult. Since law-enforcement to an Internet partner is often hard, trust (or reviews) becomes also an important way to reward (or punish) partners. There are many efforts to establish and manage trust, but none too successful. Furthermore, the different mechanisms are incompatible. In particular, most efforts focus on public key certificates, but there are several incompatible formats; furthermore some practical mechanisms to establish trust are based on credentials which are not public key certificates. We present a modular approach to establishing trust, which provides: -- Modular architecture, breaking the trust problem into well defined and independant modules. -- Ability to use diverse forms of credentials and certificates. -- General yet practical definitions, allowing support of all major trust models. -- Efficient, practical solutions and implementations.