KeyNote: Trust Management for Public-Key Infrastructures

Summary: KeyNote is an application-independent policy database. The KeyNote policy language allows both local policies and remote policies (credentials) to be installed.

Main points:

* KeyNote maintains a database that maps public keys to strings describing certain permissions.
  - The identity of the key holder and the semantics of the permission string are application-dependent (that is, not defined by KeyNote).
* Policies can be loaded locally, or loaded remotely via credentials. In the latter case, a chain of assertions must hold (local policy asserts that Bob asserts that Sally asserts that I can read this file).
* Public keys are not directly mapped to action strings. Rather, keys are mapped to filters, which are programs that run in a restricted environment (i.e., regular expression matching).
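
The chain-of-assertions check and the key-to-filter mapping described above, as an added example that is not KeyNote's own code or assertion syntax. It assumes a simplified model: the `Assertion` tuple, the `POLICY` marker, the key names and the action strings are all hypothetical, regexes stand in for filter programs, and credential signatures are taken as already verified.

```python
import re
from collections import namedtuple

# Simplified model, not KeyNote's assertion syntax: `issuer` authorizes
# `subject` for every action string its filter accepts. A regex stands in for
# the restricted filter program. Signatures are assumed already verified.
Assertion = namedtuple("Assertion", "issuer subject filter")
POLICY = "POLICY"  # hypothetical marker for unsigned local policy (trust root)

def authorized(assertions, requester, action, seen=frozenset()):
    """True if a chain POLICY -> ... -> requester exists in which every
    filter along the chain accepts `action`."""
    for a in assertions:
        if a.subject != requester or a in seen:
            continue                      # wrong subject, or delegation loop
        if not re.fullmatch(a.filter, action):
            continue                      # this link does not cover the action
        if a.issuer == POLICY:
            return True                   # reached local policy
        if authorized(assertions, a.issuer, action, seen | {a}):
            return True                   # issuer itself holds the permission
    return False

# Constructed sample: key names and action strings are made up.
SAMPLE = [
    Assertion(POLICY, "bob_key", r"read:/home/.*"),
    Assertion("bob_key", "sally_key", r"read:/home/sally/.*"),
    Assertion("sally_key", "my_key", r"read:/home/sally/notes\.txt"),
    Assertion("sally_key", "mallory_key", r"write:.*"),   # exceeds what Sally holds
    Assertion("x_key", "y_key", r".*"),                   # loop with no policy root
    Assertion("y_key", "x_key", r".*"),
]

if __name__ == "__main__":
    for key, action in [("my_key", "read:/home/sally/notes.txt"),
                        ("my_key", "read:/home/sally/diary.txt"),
                        ("mallory_key", "write:/home/sally/notes.txt"),
                        ("x_key", "read:/home/bob/a")]:
        print(key, action, authorized(SAMPLE, key, action))
```

Because every link's filter must accept the action, a key cannot delegate more than it holds. Python's `re` is a backtracking matcher, so filters taken from remote credentials would need a bound on evaluation cost in a real deployment.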