On an abstract level the notion of 'trust' is pretty clear e.g.: "The extent to which someone who relies on a system can have confidence that the system meets its specifications" (RFC 2828). Obviously, trustworthiness is a property that we'd expect from IT-systems we depend on. As a matter of fact, IT-systems are designed to be capable to create and process arbitrary patterns of binary information. This fundamental property does include the ability to manipulate data objects, return improper function call results, and exchange faked data packets or messages. Thus, how to establish confidence in services provided by operating systems as well as local or remote computing resources? How to trust received IP packets, E-Mail messages, or HTTP responses? In essence: how to bootstrap the property of trust in systems that rely on the processing of binary information while being able to manipulate any binary information? This presentation investigates base technologies for trust enhancing. It examines the role of cryptography as a trust facilitator for IT-systems: the merits of cryptographic technologies with respect to trust enhancement are identified; the relevance of recent technology initiatives in the world of XML (e.g. Liberty Alliance, SAML, WS-Security, XACML, XKMS, XML-Encryption, and XML-Signature) is analyzed.

1. Dr. Oliver Pfaff Siemens AG Technologies for Trust – How does Cryptography Fit the Bill?

9. Authentication-Enabled Services Authentication Encryption Thwart active attacks Single-Sign-On Transfer authentication Access control Determine authorization Non-repudiation Validate and interpret evidence Privacy Enforce policies Digital rights management Control content distribution

10. Related Initiatives in XML-Security XML Encryption XML Signature WS-Security Liberty Alliance SAML XACML XAdES ODRL XrML P3P Encryption Single-Sign-On Access control Non-repudiation Privacy Digital rights management Authentication