abstract ;;Quote: SD3 trust management computes answer and verified proof together; only certified evaluator in trusted computing base; e.g., a secure name service

107 ;;Quote: SD3 extends datalog by associating names with authenticated public keys, e.g., T(x,y):-K$E(x,y) holds if E(x,y) and relation E under keyholder of K

107 ;;Quote: SD3 names may be tied to an IP address; e.g., (K@A)$E(x,y) is relation E at A under public key K; remote evaluator returns E(x,y) as a certificate signed by its private key

107 ;;Quote: use one public key K to distribute many keys via chains of trust; K controls key-address pairs for verifying an edge relation

109 ;;Quote: secure DNS resolver in 10 lines of code; easier to understand than BIND's security policy

111 ;;Quote: certified evaluation via a proof checker for lists of facts, security rules, and derivations; 100 lines of code