Local Names In SPKI/SDSI 2.0
Abstract:
In this paper, we analyze the notion of "local names" in SPKI/SDSI 2.0 and show that local names can be interpreted as distributed groups and distributed roles. Based on the distributed-group interpretation, we develop a simple logic program for SPKI/SDSI's linked local-name scheme and prove that it is equivalent to the name-resolution algorithm in SDSI 1.1 and the 4-tuple-reduction mechanism in SPKI/SDSI 2.0. This logic program is by itself a logic for understanding SDSI's linked local-name scheme. This logic has several advantages over previous logics, e.g., those in [1] and [9]; for one thing, it is directly implementable. We have also enhanced our logic program to handle threshold functions and certificate reduction as well as certificate discovery. We also discuss the use of local names for the purpose of authorization and show that they can be used in ways similar to roles in Role-Based Access Control (RBAC). We suggest several modifications to SPKI/SDSI 2.0 to make it simpler and cleaner. Among other things, we question the value of delegation certificates.
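The distributed-group reading described above can be made concrete with a small fixpoint program. The following Python is an added example, not code from the paper or from any SPKI/SDSI implementation: each name certificate is modeled as a 4-tuple (issuer, identifier, subject) with the validity field dropped, principals are stand-in strings such as "K_acme" rather than public keys, the certificates and the ACL are constructed sample data, and signature and validity checking, threshold subjects and certificate discovery are all assumed to have been handled before the certificates reach this code. The rule implemented is the one the abstract's logic program rests on: a local name K A denotes a set of principals, a certificate whose subject is a principal adds that principal to the set, and a certificate whose subject is an extended name K' A1 ... An adds every principal reachable by resolving A1 in K', then A2 in each resulting principal, and so on. The same membership sets are then used the way the abstract describes for authorization, with a local name standing in for an RBAC role on an ACL entry.

```python
# Added example: membership of SPKI/SDSI local names under the
# distributed-group interpretation, computed as a monotone fixpoint.
# Principals are placeholder strings standing in for public keys.
# Name certificates are (issuer, identifier, subject); subject is either a
# principal string or a tuple (principal, id1, ..., idn) for the extended
# name "principal id1 ... idn". Signatures/validity are assumed pre-checked.

# Constructed sample certificates (hypothetical principals and identifiers).
CERTS = [
    ("K_acme", "employee", ("K_acme", "eng")),          # employee >= eng
    ("K_acme", "employee", ("K_acme", "sales")),        # employee >= sales
    ("K_acme", "eng", "K_bob"),
    ("K_acme", "eng", ("K_bob", "teammate")),           # eng >= bob's teammates
    ("K_bob", "teammate", "K_carol"),
    ("K_bob", "teammate", ("K_acme", "eng")),           # cycle: teammate >= eng
    ("K_acme", "sales", "K_dave"),
    ("K_acme", "friend-of-eng", ("K_acme", "eng", "friend")),  # linked name
    ("K_carol", "friend", "K_eve"),
    ("K_bob", "friend", "K_carol"),
]

# Constructed ACL: a permission tag maps to the local names (roles) it grants.
ACL = {
    "read:/repo": [("K_acme", "eng")],
    "approve:invoice": [("K_acme", "sales")],
}


def resolve_name(members, principal, ids):
    """Principals denoted by the extended name `principal ids[0] ... ids[-1]`
    under the current membership table. Each step replaces every principal
    p in the working set with the members of p's local name ids[i]."""
    current = {principal}
    for ident in ids:
        current = set().union(*(members.get((p, ident), set()) for p in current))
    return current


def compute_membership(certs):
    """Least fixpoint of the name-reduction rules over the given 4-tuples.
    Terminates because membership sets only grow and the set of principals
    mentioned in the certificates is finite; cycles among names are fine."""
    members = {}
    changed = True
    while changed:
        changed = False
        for issuer, ident, subject in certs:
            if isinstance(subject, str):
                new = {subject}                       # subject is a principal
            else:
                new = resolve_name(members, subject[0], subject[1:])
            bucket = members.setdefault((issuer, ident), set())
            if not new <= bucket:
                bucket |= new
                changed = True
    return members


def is_authorized(members, acl, principal, tag):
    """A request for `tag` by `principal` is allowed iff the principal is a
    member of some local name the ACL entry for that tag names."""
    return any(principal in members.get(name, set()) for name in acl.get(tag, []))


if __name__ == "__main__":
    table = compute_membership(CERTS)
    for name in sorted(table):
        print(f"{name[0]} {name[1]}: {sorted(table[name])}")
    print("carol read:/repo ->", is_authorized(table, ACL, "K_carol", "read:/repo"))
    print("dave read:/repo  ->", is_authorized(table, ACL, "K_dave", "read:/repo"))
```

The cyclic pair of certificates (eng includes bob's teammates, bob's teammates include eng) is there on purpose: a naive recursive resolver loops on it, whereas the fixpoint simply stops once no certificate adds a new member. The linked name "K_acme eng friend" is resolved relative to each engineer's own "friend" name, which is what makes a local name a distributed group rather than a centrally defined one.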
Citations
| 344 | Authentication in Distributed Systems: Theory and Practice – Lampson, Abadi, et al. - 1991 |
| 236 | A Calculus for Access Control in Distributed Systems – Abadi, Burrows, et al. - 1993 |
| 179 | Tabled Evaluation with Delaying for General Logic Programs – Chen, Warren - 1996 |
| 73 | On SDSI's Linked Local Name Spaces – Abadi - 1998 |
| 66 | Internet Privacy Enhanced Mail – Kent - 1993 |
| 52 | SPKI Certificate Theory – Ellison, Frantz, et al. - 1999 |
| 10 | The Role of Trust Management in Distributed Systems – Blaze, Feigenbaum, et al. - 1999 |
| 2 | A Logic for SDSI's Linked Local Name Spaces (Preliminary Version) – Halpern, van der Meyden - 1999 |

