Abstract: A trust manager examines each new class before it is allowed to execute by examining a policy file which includes data structures defining security policies of the user system, a certificate repository for storing a plurality of certificates, a certificate being a data record which is digitally signed and which certifies claims relevant to a security evaluation, a code examiner adapted to analyze the portion of code to determine potential resource use of the portion of code and a trust evaluator adapted to evaluate certificate requirements of the portion of code based on policy rules extracted from the policy file and the potential resource use specified by the code examiner. The trust evaluator also determines, from certificates from the certificate repository and a code identifier identifying the portion of code, whether execution of the portion of code is allowed by the policy rules given the potential resource use, the code supplier and applicable certificates. Certificates and policies can be specified in hierarchical form, so that some levels of security can be delegated to trusted entities.

Abstract: The problem of key exchange and strong authentication in the Directory services according to the X.500 Recommendation is addressed with certificates which are issued by well-known, trusted authorities known as certification authorities. Finding a path of certification assignment for certification validity checking and verification of the communication party public key is a rather complex task in the global Directory. This paper describes the development of a tool which addresses this problem and provides support for the end user and the certification authority in finding a path of certification assignment.

Abstract: While a global security infrastructure is not yet available, the process of establishing one has begun. There will be a need for comprehensive, easy-to-use tools for managing the security information of the participating parties. From our experience with the former PASSWORD project we define the essential management tasks of a certification authority and of a user and specify them according to the X.700 OSI Management Framework. A first implementation was made to demonstrate how the basic requirements of such tools could be met. This paper focusses on the definition of the management tasks and their realization in X.700.