
<h2>Managing Trust in an Information-Labeling System</h2>

To appear in European Transactions
on Telecommunications (special issue of selected papers from the 1996
Amalfi Conference on Secure Communications in Networks).

<li><a href="Paper.ps">Postscript</a>
</ul>

<h2>Abstract</h2> We address the problem of <i>trust management in
information labeling</i>.  The Platform for Internet Content
Selection (PICS), proposed by <a
href="http://www.w3.org/PICS/iacwcv2.htm">Resnick and Miller</a>,
establishes a flexible way to label documents according to various
aspects of their contents, thus permitting a large and diverse group
of potential viewers to make (automated) informed judgments about
whether or not to view them.  For some viewers, the relevant aspects
may be quantity or quality of material in certain topical areas, and,
for others, they may be the presence or absence of potentially
offensive language or images.  Thus PICS users need a language in
which to specify their <i>PICS profiles</i>, <i>i.e.</i>, the aspects
according to which they want documents to be labeled, the acceptable
values of those labels, and the parties whom they trust to do the
labeling.  Furthermore, PICS-compliant client software (<i>e.g.</i>, a
web browser) needs a mechanism for checking whether a document meets
the requirements set forth in a viewer's profile.  A trust management
solution for the PICS information-labeling system must provide both a
language for specifying profiles and a mechanism for checking whether
a document meets the requirements given in a profile.

This paper describes our design and implementation of a PICS profile
language and our experience integrating the <i>PolicyMaker</i> trust
management engine with a PICS-compliant browser to provide a checking
mechanism.  PolicyMaker was originally designed to address trust
management problems in network services that process signed requests
for action and use public-key cryptography [BFL].  Because
information labeling is not inherently a cryptographically based
service, and thus is outside the original scope of the PolicyMaker
framework, our work on information labeling is evidence of
PolicyMaker's power and adaptability.

