"Visions for a new trust model that will allow extending secure communications across federated, virtualized, multi-domain networks."

Findings:

There are essentially two traditional trust models:

• Hierarchical trust models, rooted at a trusted origin, such as PKI and other certificate-based models, and

• Less structured hoc "web-of-trust" models, as used by PGP/GnuPrivacyGuard, where the trustworthiness of a credential is a function of attestation by multiple trusted peers

Trust can sometimes be tightly coupled to notions of identity, and reputation, although those are not ubiquitously present in all cases. For example, a trusted party's ultimate "real life" identity may not always be known.

Federated trust models, such as those based on Shibboleth & InCommon or Kerberos also are seeing active development and widespread deployment in some communities.

There are many practical problems which remain unsolved: revocation lists are still problematic, for example, and the ad hoc nature of PGP/GnuPrivacyGuard's can deter adoption in some business application.

Secure communication is already possible across federated, virtualized, multi-domain networks.

Recommendations:

What is urgently needed is further exploration is work on making existing trust models more practically usable.

The linkages between concepts of trust, identity (or anonymity) and reputation also require additional research.