The Internet of Things (IoT) consists of a large number of entities (e.g. users and devices) and applications connected through a communication infrastructure. In such large-scale and dynamic systems, the fundamental issue is whether one entity can securely communicate with another and if so, then to what extent. In the IoT, entities must interact with one another often in unknown and uncertain circumstances. Therefore, in such systems, it is important to include mechanisms that can help in such interactions by overcoming this uncertainty. We argue that the notion of trust can assist in addressing such issues. Trust mechanisms allow entities to decide whether or not to interact with other entities. However, the concept of trust is used with different meanings and in various contexts. Research into the metrics and methods for establishing trust in dynamic IoT systems is still in its early stages. Implementing trust in an IoT system is challenging due to the nature of the IoT systems themselves. In this paper, we propose a trust management framework that can improve access control mechanisms easing the decision making process under uncertainty. We introduce a well-defined trust model for IoT supporting attribute-based identity without the need for unique concrete identification of an entity. Finally, we develop a theoretical foundation for a trust model that can support our decision making work on access control in large-scale IoT systems.