"Web surfing is a dangerous sport," observes one of the key papers in Web Security: A Matter of Trust, the Summer 1997 issue of the World Wide Web Journal. Indeed it is -- we are always at risk while downloading "cool" new applets, protecting secure information services, and even in trusting that a Web page comes from the stated author. The interviews, specifications, and articles in this issue reframe the debate as a matter of trust rather than cryptography.
Of course, strong security technology is still the foundation (good fences make good neighbors!), but a broad recent survey of public Web site vulnerability shows that our fences are in poor shape. The remedy is more careful administration, deployment of new cryptographic protocols, and public key distribution infrastructure. Protecting real-world applications such as health care, electronic commerce, and protected "lockboxes" for digital content, however, means understanding tough concepts: Who is authorized to look at this data? Why? And on whose authority? This leads us to questions of trust management, a new approach to automated security decision making.
This issue covers W3C's Digital Signature Initiative (DSI), which breaks new ground in this area by binding machine-readable labels to public key signatures. Other topics include medical records privacy issues (Lincoln Stein), signature legality (C. Bradford Biddle), trust in Internet information systems (Rohit Khare), the PGP Web of Trust (Simson Garfinkel), REFEREE: a trust management system for Web applications (presented at WWW6 by Yang-Hua Chu), as well as articles on Java security, the "hacker threat," and much more.