Emerging electronic commerce services that use public-key cryptography on a mass-market scale require sophisticated mechanisms for managing trust. For example, any service that receives a signed request for action is forced to answer the central question \Is the key used to sign this request authorized to take this action?" In some services, this question reduces to \Does this key belong to this person?" In others, the authorization question is more complicated, and resolving it requires techniques for formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. Blaze, Feigenbaum, and Lacy 1] identi ed this trust management problem as a distinct and important component of network services and described a general tool for addressing it, the PolicyMaker trust management system. At the heart ofa trust management system is an algorithm for compliance checking.The inp...