Systems and methods are disclosed for managing and protecting electronic content and applications. Applications, content, and/or users can be given credentials by one or more credentialing authorities upon satisfaction of a set of requirements. Rights management software/hardware is used to attach and detect these credentials, and to enforce rules that indicate how content and applications may be used if certain credentials are present or absent. In one embodiment an application may condition access to a piece of electronic content upon the content's possession of a credential from a first entity, while the content may condition access upon the application's possession of a credential from a second entity and/or the user's possession of a credential from a third entity. Use of credentials in this manner enables a wide variety of relatively complex and flexible control arrangements to be put in place and enforced with relatively simple rights management technology.