2.6.10 Trust Management (trustmgt) bof

Current Meeting Report

Trust Management BOF
IETF Chicago
August 27, 1998
3:30 pm

The Birds of a Feather meeting on Trust Management opened with remarks from the
chair, Hilarie Orman, about the purpose of the group and the agenda. Trust
management is the representation, negotiation, and transmission of policy for sharing
network resources. The idea of the BOF arose from a conjunction of available
technology and the complications in defining suitability policy frameworks for new
standards such as IPSEC and mobile IP. The BOF was charged with refining the
definition and seeking opinions on the viability and utility of a working group in
this area.

1. Matt Blaze of AT&T gave the first talk. He addressed the differences between
trust management and certification, noting that policy with explicit representation
can be examined by separate software for validation and control. He defined the
goals of having a common syntax and semantics that is simple and amenable to
formal analysis.

2. Bob Moskovitz of ICSA spoke about commercial certificate policies. He has
been working to establish certificates that are useful in conjunction with contract
law and regulatory policy. The policies under which the certificates were issued
are maintained must be expressed so that organizations can decide is the
certificates meet their requirements for doing business. It is desirable for the
acceptance procedures to be based on rules rather than lists of number. For
example, the certificate authorities statement of the certificate revocation
conditions, such as timeouts, may be examined as part of the acceptance
procedure. Matt Blaze questioned the relevance of certificate policy to trust

3. John Zao of GTE's BBN Research spoke about the security policy management
project at BBN, which is developing a policy requirements framework. In this
framework applications specify their trust requirements, and the policy subsystem
looks for policies that can satisfy those requirements. He distinguished policy
decisions from enforcement of policy constraints. He also mentioned the need for
secure negotiation mechanisms.

4. Sandra Murphy of Network Associate's TIS Laboratories spoke about firewalls and
active networks; while they can support the formation of secure virtual enclaves on
networks, they do not in themselves solve the problem of distributing policy and
authorizing it suse. Current work is using X.509 certificates. She noted the
difficulty of combining firewall filtering policies with end-to-end security policies.

5. Carl Ellison of IBM spoke about the SPKI working group's considerations of
policy expression. They have addressed access control and delegation of authority,
but they have not addressed complex policies that involve mixed credentials.
Another unaddressed issue is to enforce mandatory policy and to distinguish it
from discretionary policy.

6. Cliff Neuman of USC's Information Sciences Institute (ISI) spoke about his work
with Kerberos and GSS-API. He posed the following questions that should be
answered before performing access operations:

- Is it consistent with policy?
- Is the policy consistent?
- Who sets the policy
- Where is it?

7. Angelos Keromytis of the University of Pennsylvania spoke about the Keynote
System that derives from work at AT&T Laboratories on a system named PolicyMaker.

Names types conforming to X509 or SPKI or allowed, and revocation is supported.

8. Matt Blaze then presented proposed charter items. The working group purpose is
to deveolop a trust management layer for use by many protocols and/or application.
He addressed the need for expression of policy and of simple but general semantics
that will address application needs. The working group should consider how to
map the policy expression requirements from other working groups into suitable,
common semantics. He distinguished the discussion of what actual policy should
be from the discussion of how to represent and work with the representations on
a large scale. While policies are generally expressed in English, the automated
enforcement of the policy is done by computer programs; the term trust
management is a way of referring to the mechanisms, not the English.

The value of human readable policy expression was noted as an aid to

The working group was reminded that the mailing list is managed by Majordomo
and is at trustmgmt@east.isi.edu

Marcus Leech, Security Area Co-Director reminded the group of his early requirement
that other working groups be found to defer their own trust management issues to the
proposed new working group in trust management. A simple poll was taken, limited to
the approximately seven working group chairs who were in attendance. One expressed
the opinion that his group would find no use for any product from a trust management
group, while all others expressed at least cautious interest in seeing the results of such
a group.

He also advised selecting a co-chair and to noted that the group should have a schedule
for producing results established quickly.

The meeting adjourned at 5:30 pm.


None Received.

Attendees List

go to list