Design of a role-based trust-management framework

Source: DOI Authors: Ninghui Li, J.C. Mitchell, W.H. Winsborough Date: 2005

Core idea

Trust should be expressed through local role definitions, delegated credentials, and formal policy evaluation rather than through one globally shared notion of who is trusted.

Key claims

• Authorization should come from policy plus credentials, not from ambient identity alone.
• Linked roles and delegation are natural primitives for decentralized organizations.
• Trust decisions remain local even when credentials travel across boundaries.

Harness takeaway

A multiplayer harness should evaluate roles, approvals, and delegated authority through local policy logic. This is much healthier than a universal trust score pretending to summarize a participant.