1 Introduction

During the past three decades, the computing environment has changed from centralized stationary computers to distributed and mobile computing. This evolution has profound implications for the security models, policies and mechanisms needed to protect users’ information and resources in an increasingly globally interconnected open computing infrastructure. In centralized stationary computer systems, security is typically based on the authenticated identity of other parties. Strong authentication mechanisms, such as Public Key Infrastructures (PKIs) [1,2], have allowed this model to be extended to distributed systems within a single administrative ...