Developing Electronic Trust Policies Using a Risk Management Model

Trust management systems provide mechanisms which can enforce a trust policy for authorisation and web content. However, little work has been done on identifying a process by which such a policy can be developed. This paper describes a mechanism for developing trust policies using a risk management model, and relates this to a conceptual framework of trust. The process uses an extended risk management model that takes into consideration beliefs about the principals being trusted and the impersonal structures and systems involved. The paper also applies the extended risk management model to a hypothetical case study in which an individual is making investments using an electronic trading service.