Using digital credentials on the World Wide Web

Often an information source on the Web would like to provide different classes of service to different clients. In the autonomous, highly distributed world of the Web, the traditional approach of using authentication to differentiate between classes of clients is no longer sufficient, as knowledge of a client's identity will often not suffice to determine whether a client is authorized to use a service. Our goal in this research project is to explore the use of digital credentials, digital analogues of the paper credentials we carry in our wallets today, to help solve this problem. In this paper we describe the major features required of a Web environment deploying digital credentials, including the introduction of security assistants for both clients and servers, and report on the status of our investigation into a credential-based environment.