Abstract. We apply SecPAL, a logic-based policy language for decentralized authorization and trust management, to our case study of automated software distribution for airplanes. In contrast to established policy frameworks for authorization like XACML, SecPAL offers constructs to express trust relationships and delegation explicitly and to form chains of trusts. We use these constructs in our case study to specify and reason about dynamic, ad-hoc trust relationships between airlines and contractors of suppliers of software that has to be loaded into airplanes.Keywords: Authorization, trust management, security-tokens, logic, softwaredistribution 1 Why do we need dynamic, decentralized authorization and trust management?Electronically collaboration increasingly takes place not only within security domains, but between enterprises and individuals with no pre-established trust relationships. The application areas comprise industrial applications, energy management and distribution, transportation systems, healthcare, and many others. The use case we focus on is the distribution of software 'parts' to airplanes. The challenge is not only to transport such software parts from the airline to the airplane, but that a range of other parties -suppliers, the airplane manufacturer, and service providers -are involved. There is a strong security requirement that only unmodified parts that have been released by trusted producers are loaded into the airplane.Triggered by the increasing demand for electronic communication and collaboration over the Internet, there is also a strong trend towards using standard protocols and frameworks as a uniform interface to existing computer systems and programming frameworks, based on standardized XML messages that are exchanged