DIMACS Acceptance

Rohit Khare (khare@w3.org)
Thu, 5 Sep 1996 04:29:23 -0400 (EDT)

Date: Wed, 4 Sep 1996 07:42:45 -0400 (EDT)
From: Joan Feigenbaum <jf@research.att.com>
To: khare@w3.org
Subject: DIMACS Workshop Program + Abstract

Dear Author:

It is our pleasure to inform you that your talk submission has been
accepted for presentation at the DIMACS Workshop on Trust Management.
Below, please find the workshop program and the current version of
your talk abstract. Please attend to the following items carefully:

1. Proofread your entry on the program. In particular, check for
completeness and accuracy of your name, your talk title, your
affiliation, and the "joint with ..." list.

2. Proofread your abstract. In particular, check the "For more
information..." line at the end; you may supply a URL, an
email address, a reference to one or more published papers, or
nothing at all in this line. Also, check for any items that
are marked <MISSING>, and supply them.

3. Register for the workshop. You can obtain the necessary forms
by visiting the web page
and following appropriate links.

If you need to make any changes to your program entry or talk abstract
(as a result of items 1 and 2 above), you must contact the DIMACS
webmaster directly: wli@dimacs.rutgers.edu. We cannot personally make
these changes to the DIMACS website.

We look forward to seeing you at the workshop.

Ernie Brickell
Joan Feigenbaum
David Maher


DIMACS Workshop on Trust Management in Networks

September 30 - October 2, 1996

CoRE Building, Rutgers Busch Campus, Piscataway NJ

Co-chairs: Ernie Brickell (Bankers Trust)
Joan Feigenbaum (AT&T Laboratories)
David Maher (AT&T Laboratories)

DIMACS workshops are open to the public. To obtain
registration forms, directions to the CoRE building, and
other logistical information, visit the web page
http://dimacs.rutgers.edu/Workshops/Management, and follow
appropriate links. Those without web access may obtain
the same information from Pat Pravato by sending email to



Monday, September 30, 1996

8:15 Continental breakfast

9:00 Welcome to DIMACS
Fred Roberts, DIMACS Director

9:15 What is "Trust Management," and what are the Workshop Goals?
Joan Feigenbaum, AT&T Laboratories

9:45 Let a Thousand (10 Thousand?) CAs Reign
Steven Kent, BBN

10:45 Break

11:00 The PolicyMaker Approach to Trust Management
Matt Blaze, AT&T Laboratories
(Joint work with J. Feigenbaum and J. Lacy)

12:00 Lunch

1:15 SDSI: A Simple, Distributed Security Infrastructure
Butler Lampson, Microsoft
(Joint work with R. Rivest)

2:15 SPKI Certificates
Carl Ellison, Cybercash

3:15 Break

3:45 Panel Discussion
Moderator: David Maher, AT&T Laboratories
Panelists: Blaze, Ellison, Kent, and Lampson

5:30 Wine and cheese


Tuesday, October 1, 1996

8:15 Continental Breakfast

9:00 Using PICS Labels for Trust Management
Rohit Khare, World Wide Web Consortium

9:30 Managing Trust in an Information-Labeling System
Martin Strauss, Iowa State University
(Joint work with M. Blaze, J. Feigenbaum, and P. Resnick)

10:00 Trust Management in Web Browsers, Present and Future
Ed Felten, Princeton University
(Joint work with D. Dean and D. Wallach)

10:30 Break

10:45 IBM Cryptolopes, SuperDistribution, and Digital Rights Management
Mark Kaplan, IBM

11:30 Requirements and Approaches for Electronic Licenses
David Maher, AT&T Laboratories

12:15 Lunch

1:30 Inferno Security
David Presotto, Bell Labs -- Lucent Technologies

2:00 Transparent Internet E-mail Security
Raph Levien, University of California at Berkeley
(Joint work with L. McCarthy and M. Blaze)

2:30 Secure Digital Names
Stuart Haber, Bellcore
(Joint work with S. Stornetta)

3:00 Break

3:30 Untrusted Third Parties: Key Management for the Prudent
Mark Lomas, Cambridge University
(Joint work with B. Crispo)

4:00 Distributed Trust Management using Databases
Carl Gunter, University of Pennsylvania
(Joint work with T. Jim)

4:30 Distributed Commerce Transactions: Structuring
Multi-Party Exchanges into Pair-wise Exchanges
Steven Ketchpel, Stanford University
(Joint work with H. Garcia-Molina)


Wednesday, October 2, 1996

8:15 Continental Breakfast

9:00 Policy-Controlled Cryptographic Key Release
David McGrew, Trusted Information Systems, Inc.
(Joint work with D. Branstad)

9:45 An X.509v3-based Public-Key Infrastructure for
the Federal Government
William Burr, Nat'l. Inst. of Standards and Technology

10:15 Break

10:30 The ICE-TEL Public-Key Infrastructure and
Trust Model
David Chadwick, Salford University

11:00 A Distributed Trust Model
Alfarez Abdul-Rahman, University College, London
(Joint work with S. Hailes)

11:30 On Multiple Statements from Trust Sources
Raphael Yahalom, Hebrew University and MIT

12:00 Lunch

1:00 Off-line Delegation in a Distributed File Repository
Arne Helme, University of Twente
(Joint work with T. Stabell-Kul)

1:30 Operational Tradeoffs of Aggregating Attributes in
Digital Certificates
Ian Simpson, Carnegie Mellon University

2:00 Trust Management for Mobile Agents
Vipin Swarup, Mitre
(Joint work with W. Farmer and J. Guttman)

2:30 Break

3:00 Trust Management in ERLink
Samuel Schaen, Mitre

3:30 Linking Trust with Network Reliability
Y. Desmedt, University of Wisconsin at Milwaukee
(Joint work with M. Burmester)

4:00 Unified Support for Heterogeneous Security Policies
Naftaly Minsky, Rutgers University
(Joint work with V. Ungureanu)

4:30 Tools for Security Policy Definition and Implementation
P. Humenn, Blackwatch Technology, Inc.


Title: Using PICS Labels for Trust Management

Author: Rohit Khare


As Web and Internet usage expands into new application domains, users
need automatable mechanisms to establish trust for information they
use. The Platform for Internet Content Selection (PICS) is a scheme for
rating and labeling resources that is machine-readable and can
accommodate a wide variety of rating schemes. When combined with
digital signatures to establish cryptographic authentication, PICS
labels could form the basis for user-definable trust policies on the

PICS allows rating systems to define scales for describing content,
and for many rating services to label resources with their
evaluations. This allows labels to be provided by authors or by third
parties and to be presented with the content or from separate label
bureaus. User agents can dynamically construct user interfaces to
represent labels and constraints on acceptable ratings. When the
resulting decisions are broadened from "show/don't show this page to
the user", one can imagine:

"execute any code from SoftwarePublisher, Inc."
"execute any code above 3/5 on the InfoWeek quality scale"
"trust any identity certificate above Class 2 from VeriCert"
"highlight documents labelled 'true' by their signers"

We present this system in the context of several near-term industrial
scenarios: evaluating and executing programs ("applets"), configuring
acceptable certification authorities, and distributing signed
documents. In each case, PICS offers a flexible, user-configurable
mechanism for specific trust management applications.

Open issues to be discussed include:
Interaction with Public Key Infrastructures
Cryptographic formats and capabilities
Evolution of PICS rating syntax (currently rational numbers)
Embedding PICS labels within certificates (X.509, SDSI)

This talk is based on work done at the World Wide Web Consortium with
its Digital Signature Initiative Group and Security Editorial
Review Board.

For more information, contact khare@w3.org.
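
Added example (not part of the original message or abstract): a default-deny policy check of the kind the abstract sketches, applied to labels in the single-label PICS-1.1 form. The rating service URL, the "quality" category, the policy table and the `signature_ok` flag (the result of a separate signature check) are assumptions made for illustration.

```python
import re

# Simplified matcher for the single-label PICS-1.1 form:
# (PICS-1.1 "<service>" ... for "<url>" ... ratings (<category> <value> ...))
LABEL_RE = re.compile(
    r'\(\s*PICS-1\.1\s+"(?P<service>[^"]+)".*?\bfor\s+"(?P<url>[^"]+)"'
    r'.*?\bratings\s*\((?P<ratings>[^()]*)\)\s*\)', re.S)

def parse_label(text):
    """Return (service, url, {category: value}) or raise ValueError."""
    m = LABEL_RE.fullmatch(text.strip())
    if not m:
        raise ValueError("not a single-label PICS-1.1 label")
    tokens = m["ratings"].split()
    if len(tokens) % 2:
        raise ValueError("ratings must be category/value pairs")
    ratings = {tokens[i]: float(tokens[i + 1]) for i in range(0, len(tokens), 2)}
    return m["service"], m["url"], ratings

# Hypothetical policy: action -> rules (rating service, category, threshold).
# Mirrors "execute any code above 3/5 on the InfoWeek quality scale".
INFOWEEK = "http://ratings.infoweek.example/quality-v1"   # constructed URL
POLICY = {"execute": [(INFOWEEK, "quality", 3.0)]}

def allowed(action, url, labels):
    """labels: iterable of (label_text, signature_ok). Default is deny."""
    for text, signature_ok in labels:
        if not signature_ok:          # unauthenticated labels carry no weight
            continue
        try:
            service, labelled_url, ratings = parse_label(text)
        except ValueError:            # malformed label: ignore, never allow
            continue
        if labelled_url != url:       # label describes some other resource
            continue
        for rule_service, category, threshold in POLICY.get(action, []):
            if service == rule_service and ratings.get(category, float("-inf")) > threshold:
                return True
    return False

def make_label(service, url, quality):
    """Build a constructed sample label for trying the policy."""
    return f'(PICS-1.1 "{service}" labels for "{url}" ratings (quality {quality}))'

APPLET = "http://applets.example/clock.class"              # constructed URL
```

A label only counts when it is authenticated, names the exact resource being decided on, and comes from the service the rule names; anything else falls through to deny.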