Establishing and managing trust within the public key infrastructure

The capabilities afforded by the Public Key Infrastructure certainly facilitate the growth of secure internet-based transactions. However, the provision of acceptable and effective certification services will only be achieved when an enhanced level of trust is established between the entities involved. Trust in the information society is built on various different grounds, based on calculus, on knowledge or on social reasons. The notion of trust against a Trusted Third Party expresses the customer's faith in specific operational, ethical and quality characteristics, while it also includes the acknowledgement of a minimum risk factor by the relying party. Trust has the properties of selectivity and transitivity and therefore it must be properly delimited and restricted. The trust relationships have to be effectively managed at the client side, where a trust database shall be maintained in three abstract levels, containing all the necessary information to enumerate, distinguish and evaluate the relationships with other entities. The major factors that affect trust are reflected in the requirements for quality of the services provided and in the terms and conditions of qualified policies. (C) 2003 Elsevier B.V. All rights reserved.