QCM
QCM (Query Certificate Manager) is a trust management system
that I created with Carl Gunter starting in 1996. It was the
first distributed trust management system, and the first based
on a “declarative” query language.
UPDATE March 5, 2008: I've gotten a few requests for the source code. It was released as part of the SwitchWare project, namely, as part of PLAN. OCaml, the implementation language, has changed a bit since then, so I've dusted it off and made sure it compiles with the current version (OCaml 3.10). Here it is. Note that at some point I removed support for non-cryptographic principals, so only the examples with cryptographic principals are working; I've left the others in place for reference.
I implemented two versions of QCM. The first was based on the relational algebra; the second was based on the relational calculus. Of course, by Codd's Theorem, these are just syntactic variants of the same language; they are equivalent to non-recursive Datalog.
The main limitation of QCM was that it did not have good support for recursive policies. I addressed this in QCM's successor, SD3. SD3 is essentially QCM extended with while-loops, using a syntax based on Datalog.
There are several papers describing QCM:
Design of an Application-Level Security Infrastructure.
Carl A. Gunter and Trevor Jim.
DIMACS Workshop on Design and Formal Verification of Security Protocols, September 3–5, 1997.

Policy-Directed Certificate Retrieval.
Carl A. Gunter and Trevor Jim.
Technical Report MS–CIS–99–07, Department of Computer and Information Science, University of Pennsylvania. September 1998.
A revised version is published in Software Practice and Experience, 30(15):1609–1640, 2000.

The SwitchWare Active Network Implementation.
D. Scott Alexander, Michael W. Hicks, Pankaj Kakkar, Angelos D. Keromytis, Marianne Shaw, Jonathan T. Moore, Carl A. Gunter, Trevor Jim, Scott M. Nettles, and Jonathan M. Smith.
Notes of the ACM SIGPLAN Workshop on ML, 67–76, September 1998.

What is QCM?
Carl A. Gunter and Trevor Jim. August 1999.

Generalized Certificate Revocation.
Carl A. Gunter and Trevor Jim.
ACM Symposium on Principles of Programming Languages, January 2000.

Certificate Distribution with Local Autonomy.
Pankaj Kakkar, Michael McDougall, Carl A. Gunter, and Trevor Jim.
The Second International Working Conference on Active Networks, October 2000.
There is also an old QCM home page.