Basing authorization on attributes of the resource requester provides flexibility and scalability that is essential in the context of large distributed systems. The first part of this talk will summarize an attribute-based authorization framework built on logic programming: RT, a family of Role-based Trust-management languages that enables authorization decisions to be made based on attribute credentials issued in a non-hierarchical, decentralized manner. The second part of the talk will consider the problem of assessing authorization policies with respect to the vulnerability of resource owners to a variety of security risks to which they are exposed by delegation acts, risks such as authorization of undesirable prinicpals or inaccessability of critical resources. In the context of RT policies, we will consider general forms and several examples of such security properties. Many general properties can be decided efficiently; for others the complexity depends on the subset of RT in which the policy is expressed. The third part of the talk will visit the problem of using attribute credentials to obtain access when the credentials and their contents may themselves be private. Trust negotiation, a simple approach to this problem, will be introduced, as well as an intuitive and useful security property formalizing the protection of private credentials. The talk will close with a summary of on-going and future research. This work was funded by DARPA and the NSF.