Abstract:
SPKI/SDSI is a novel public-key infrastructure emphasizing naming, groups, ease-of-use, and flexible authorization. To access a protected resource, a client must present to the server a proof that the client is authorized; this proof takes the form of a "certificate chain" proving that the client's public key is in one of the groups on the resource's ACL, or that the client's public key has been delegated authority (in one or more stages) from a key in one of the groups on the resource's ACL. While finding such a chain can be nontrivial, due to the flexible naming and delegation capabilities of SPKI/SDSI certificates, we present a practical and efficient algorithm for this problem of "certificate chain discovery." We also present a tight worst-case bound on its running time, which is polynomial in the length