Many network services need to make ''trust management'' decisions; in
particular, processing users' requests for action often requires using
labels and credentials that may not be authentic or trustworthy. In t
his paper, we address the problem of trust management in formation lab
eling. The Platform for Internet Content Selection (PICS), proposed by
Resnick and Miller [13], establishes a flexible way to label document
s according to various aspects of their contents, thus permitting a la
rge and diverse group of potential viewers to make (automated) informe
d judgments about whether or not to view them. For some viewers, the r
elevant aspects may be quantity or quality of material in certain topi
cal areas, and, for others, they may be the presence or absence of pot
entially offensive language or images. Thus PICS users need a language
in which to specify their PICS profiles, i.e., the aspects according
to which they want documents to be labeled, the acceptable values of t
hose labels, and the parties whom they trust to do the labeling. Furth
ermore, PICS-compliant client software (e.g., a web browser) needs a m
echanism for checking whether a document meets the requirements set fo
rth in a viewer's profile. A trust management solution for the PICS in
formation-labeling system must provide both a language for specifying
profiles and a mechanism for checking whether a document meets the req
uirements given in a profile. This paper describes our design and impl
ementation of a PICS profile language and our experience integrating t
he PolicyMaker trust management engine with a PICS-compliant browser t
o provide a checking mechanism. PolicyMaker was originally designed to
address trust management problems in network services that process si
gned requests for action and use public-key cryptography [2]. Because
information labeling is not inherently a cryptographically based servi
ce and thus is outside the original scope of the PolicyMaker framework
, our work on information labeling is evidence of PolicyMaker's power
and adaptability.