Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applications; REFEREE provides both a general policy-evaluation mechanism for Web clients and servers and a language for specifying trust policies. REFEREE places all trust decisions under explicit policy control; in the REFEREE model, every action, including evaluation of compliance with policy, happens under the control of some policy. That is, REFEREE is a system for writing policies about policies, as well as policies about cryptographic keys, PICS label bureaus, certification authorities, trust delegation, or anything else. In this paper, we flesh out the need for trust management in Web applications, explain the design philosophy of the REFEREE trust management system, and describe a prototype implementation of REFEREE. (C) 1997 Published by Elsevier Science B.V.
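As an added illustration of the "policies about policies" idea in the abstract (a toy Python model written for this page, not REFEREE's own policy language or code; the key names, bureau name and label values are constructed assumptions), a meta-policy decides whether a downloaded policy may be evaluated at all, and a fetch policy composes a key policy with a label-bureau policy, every sub-evaluation passing through the same gate:

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed trust roots for this example (assumptions, not values from the paper).
TRUSTED_KEYS = {"key:alice"}
TRUSTED_BUREAUS = {"labels.example"}
PolicyFn = Callable[["Evaluator", dict], bool]

@dataclass
class Policy:
    fn: PolicyFn
    origin: str = "local"   # "local", or "remote" for a downloaded policy
    signing_key: str = ""   # key that signed a remote policy, if any

@dataclass
class Evaluator:
    """Running any policy is itself gated by the meta-policy (a policy about policies)."""
    policies: Dict[str, Policy]
    meta: PolicyFn
    trace: List[str] = field(default_factory=list)

    def evaluate(self, name: str, request: dict) -> bool:
        self.trace.append(name)
        pol = self.policies.get(name)
        # Unknown policy, or the meta-policy refuses to run it: fail closed.
        if pol is None or not self.meta(self, {"policy": pol, **request}):
            return False
        return pol.fn(self, request)

def only_trusted_policies(ev, req):
    """Meta-policy: a downloaded policy may run only if a trusted key signed it."""
    return req["policy"].origin == "local" or req["policy"].signing_key in TRUSTED_KEYS

def signed_content(ev, req):          # policy about cryptographic keys
    return req.get("content_key") in TRUSTED_KEYS

def label_acceptable(ev, req):        # policy about a PICS label bureau
    label = req.get("label") or {}
    return label.get("bureau") in TRUSTED_BUREAUS and label.get("violence", 9) <= 2

def may_fetch(ev, req):               # policy composed of other policies
    return ev.evaluate("signed_content", req) and ev.evaluate("label_acceptable", req)

def build_evaluator(label_policy_key: str = "key:alice") -> Evaluator:
    """The label policy is modelled as downloaded from the bureau and signed by label_policy_key."""
    return Evaluator(
        policies={"may_fetch": Policy(may_fetch), "signed_content": Policy(signed_content),
                  "label_acceptable": Policy(label_acceptable, "remote", label_policy_key)},
        meta=only_trusted_policies)
```

With the label policy signed by an untrusted key, the meta-policy refuses to evaluate it and the fetch is denied even though the content signature and the label itself would pass.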