How trust is provided and managed
- policies (for people and systems)
- permissions (for agent that interact w/ system)
- protections (mechanisms to enforce policies/permissions)
The ability to determine that statements, policies, and permissions issued by persons or systems are genuine.
Objective achieved via digital signatures. This is turn creates non-repudiation.
Aggregation: combining of data from many individuals so that disclosed data not tied to any individual
Mixing: intertwining of data in way that cannot be traced to individual
Proxies: web proxy
Pseudonyms: ficitonal identities
10 Security Principles