As network and computer security grows in importance, designing and implementing a robust trust management framework has become an increasingly important part of creating networked services and other applications. However, the design and implementation of a trust management framework is often relatively unrelated to the functionality of the services and applications that rely on it, and, as a result, the architects of such services or applications may lack the specialized knowledge to design and implement a trust management framework efficiently and correctly.
Trust management can entail the use of various building blocks, such as cryptography, public key infrastructure, digital certificates (and the chaining thereof), Security Assertion Markup Language (SAML) assertions (e.g., to define roles), and the like. In general terms, a trust management framework typically defines how a system verifies that entities are who they say they are and ensures that entities are allowed to perform only the actions that they are authorized to perform. Configuring a self-consistent, secure trust management framework can be a complex task, since, in a given system, there will typically be a variety of entities with overlapping roles and authorizations.