Abstract A practical trust management system for the WebCom distributed computing architecture is described. KeyNote credentials are used to determine the authorisation of X509 authenticated SSL connections between peers. WebCom provides a meta-language (glue) for bringing together the components of a distributed application in such a way that the components need not concern themselves with synchronisation or concurrency issues. The integration of KeyNote in WebCom enhances the trust management framework by providing for a complete separation of security from the components of a distributed application into a single security critical component. This encourages a loose coupling between application components and trust management, which, in addition to supporting off the shelf application components, results in applications that are easier to develop, understand, maintain and secure.