RTML: A Role-based Trust-management Markup Language

RT is a framework for Role-based Trust Management [20]. In comparison with systems like SPKI/SDSI and KeyNote, the advantages of RT include: a declarative, logic-based semantic foundation, support for vocabulary agreement, strongly-typed credentials and policies, more flexible delegation structures, and more expressive support for Separation-of-Duty policies. This paper describes advances in the RT framework that broaden its applicability and presents RTML, an XMLbased data representation for RT policies and credentials. Improvements in RT include new data types to encode permissions involving structured resources and ranges, restrictive inheritance of roles for flexible refinement of permissions, and notions of identity roles and identity-based roles for enforcing separation-of-duty when a physical user holds multiple keys. RTML establishes a precise format for RT credentials and policies, facilitating deployment of the RT framework.