J. Marchesini, S. Smith, "Modeling Public Key Infrastructures in the Real
World", in 2nd European PKI Workshop (EuroPKI 2005), LNCS 3545, pp. 118-134, Springer, November 2005.

http://dx.doi.org/10.1007/11533733_8  

Abstract
PKIs are complex distributed systems that are responsible for giving users
enough information to make reasonable trust judgments about one another. Since
the currencies of PKI are trust and certificates, users who make trust decisions
(often called relying parties) must do so using only some initial trust beliefs
about the PKI and some pile of certificates (and other assertions) they received
from the PKI. Given a certificate, a relying party needs to conclude that the
keyholder described by the certificate actually possesses the properties
described by the certificate. In this paper, we present a calculus that allows
relying parties to make such trust judgements. Our calculus extends Maurer's
deterministic model, and is focused on real world issues such as time,
revocation, delegation, and heterogeneous certificate formats. We then
demonstrate how our calculus can be used to reason about numerous situations
that arise in practice.