C. M. Ellison. SPKI Certificate Documentation, 1998. http://www.clark.net/pub/cme/html/spki.html  Home/Search   Document Not in Database   Summary   Related Articles   Check

....Attribute Authority (AA) The coalition AA operates effectively by distributing threshold attribute certificates to coalition users granting them privileges for setting and updating policy objects and for accessing resources. Threshold k of n attribute certificates or similar threshold structures [4, 6, 10, 19] distribute privileges to n principals in a manner that requires at least k of the n principals to sign an access request to be granted (such access requests are called joint access requests) For example, in a jointly owned database, it may be required that three specified coalition users, one ....

....servers to trust signatures on the certificates. This implies that authorization protocols must capture trust relations between the servers and the domains that sign threshold attribute certificates with distributed private key shares. Current access control logics and trust management systems [1, 6, 10, 19] cannot capture these trust relations and hence cannot be used for joint administration of access policies with shared public keys. They can, however, be used for administration of access policies for shared coalition resources with conventional public keys as discussed in [23] We extend ....

[Article contains additional citation context not shown here]

C.M.Ellison, "SPKI Certificate documentation" (See http://world.std.com/-cme/html/spki.html), 1998.

....dynamic coalitions or secure enclaves) typically relies on establishing common authorization domains among autonomous enterprises. These domains tend rely on Public Key Infrastructures (PKIs) to authenticate and authorize users of foreign domains. Various PKIs, such as X. 509 [4, 7, 13] SPKI [3], SDSI [13] and PKI applications, such as presented by Lampson et al. 9] and Abadi et al. 1] include both identity certificates and access control (i.e. attribute, delegation) certificates. Identity certificates are used for authenticating users. Attribute certificates are now being used for ....

C.M.Ellison, SPKI Certificate documentation (See http://www.clark.net/pub/cme/html/spki.html), 1998.

....revocation problems and, at the same time, make access review more complex. 1 Introduction The distribution and revocation of identity certificates in Public Key Infrastructures (PKIs) have been extensively addressed in the literature [7, 8, 12] Various PKIs, such as X. 509 [6, 10] SPKI [2], SDSI [11] and PKI applications [1,8] also include access control (i.e. attribute, delegation) certificates, which are commonly used for the distribution and revocation of access privileges. These certificates incorporate group membership or access privileges that are distributed selectively ....

....and a privilege distribution method based on PKI. In section 3, we provide examples of typical dependencies between access control and identity certificates, and explain the need for selective and transitive revocation in PKIs. In section 4, we show that one of the best known PKIs, namely SPKI [2], eliminates the need for selective revocation, but offers no support for transitive certificate revocation despite allowing transitive certificate delegation. We also point out that SPKI introduces substantial difficulty for access review. Section 5 concludes this paper. 2 Access Authorization ....

[Article contains additional citation context not shown here]

Carl M. Ellison. SPKI Certificate documentation, http://www.clark.net/pub/cme/html/spki.html, 1998.

.... It has been argued that, whenever a client is associated with a public key K, the client should prove possession of the corresponding secret key K 1 [56, Remark 13.23] However, this view is not universal it is not shared, in particular, in some recent public key infrastructure designs [31]. Encrypting a session key While the first example shows that a signature may lead to responsibility, the second example shows that an encryption may lead to credit, and that a decryption may lead to responsibility. We consider the situation where a principal A transmits a session key K (say, a ....

Carl M. Ellison. SPKI certificate documentation. Web pages at http://www.clark.net /pub/cme/html/spki.html, 1997.

....even the level of deployment of SSL certificates. Moreover, IPsec is geared towards security between machines or networks, and ill suited to applications like SFS in which untrusted users participate in key management and sign messages cryptographically bound to session keys. SPKI SDSI. SPKI SDSI [8, 24] is a key distribution system that is similar in spirit to SFS s egalitarian namespace and that could be implemented on top of SFS. In SPKI SDSI, principals are public keys, and every principal acts as a certification authority for its own namespace. SFS effectively treats file systems as public ....

Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. SPKI certificate documentation. Work in progress, from http://www.pobox.com/~cme/html/spki.html.

.... It has been argued that, whenever a client is associated with a public key K, the client should prove possession of the corresponding secret key K 1 [MvOV96, Remark 13.23] However, this view is not universal it is not shared, in particular, in some recent public key infrastructure designs [Ell97]. 2.2 Encrypting a Session Key While the first example shows that a signature may lead to responsibility, the second example shows that an encryption may lead to credit, and that a decryption may lead to responsibility. We consider the situation where a principal A transmits a session key K ....

Carl M. Ellison. SPKI certificate documentation. Web pages at http://www.clark.net/pub/cme/html/spki.html, 1997.

....be viewed as coming from Rivest. Compound names like Lampson # s Rivest allow one name space to import bindings from another. Linked local name spaces offer the promise of combining some of the advantages of PGP style local certification with those of hierarchical certification schemes (see, e.g. [4, 6, 12, 3, 5]) In particular, SDSI certification is egalitarian, and does not need to assume any global trust or any global notion of identity (beyond that inherent in public key cryptography) On the other hand, SDSI can take advantage of structured trust relations and naming conventions, when such exist. ....

....reference to particular implementations. Nevertheless, the SDSI name resolution algorithm can be recast as a sound proof method within the logic. Hopefully, this work will contribute to the understanding of naming in SDSI and in related systems such as Simple Public Key Infrastructure (SPKI) [5]. The next section introduces basic concepts and notations. Section 3 develops a logic for linked local name spaces, and proves the soundness of the SDSI 1 name resolution algorithm with respect to the logic. It also contains an example. Section 4 defines a semantics for the logic. The semantics ....

[Article contains additional citation context not shown here]

Carl M. Ellison. SPKI certificate documentation. Web pages at http: //www.clark.net/pub/cme/html/spki.html, 1997.

....administrative domains are allowed to define their own policies. This capability has two primary policy aspects: authorization policy and certificate distribution policy. There have been a number of recent proposals about how to express authorization policies in large scale distributed systems [4, 16, 5, 3]. Work on certificate distribution has focused on the design of directory systems such as DNS DNSSEC [19, 17, 1] the ISO Directory [13] and the Lightweight Directory Access Protocol (LDAP) 22, 12] Such directories are used to hold certificates (digitally signed documents) providing information ....

Carl M. Ellison, Bill Frantz, Ron Rivest, and Brian M. Thomas. SPKI certificate documentation. http://www.clark.net/pub/cme/html/ spki.html.

....even the level of deployment of SSL certificates. Moreover, IPsec is geared towards security between machines or networks, and ill suited to applications like SFS in which untrusted users participate in key management and sign messages cryptographically bound to session keys. SPKI SDSI. SPKI SDSI [7, 21] is a key distribution system that is similar in spirit to SFS s egalitarian namespace and that could be implemented on top of SFS. In SPKI SDSI, principals are public keys, and every principal acts as a certification authority for its own namespace. SFS effectively treats file systems as public ....

Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. SPKI certificate documentation. Work in progress, from http:// www.clark.net/pub/cme/html/spki.html.

....mean one in which one party submits a request, possibly supported by one or more credentials, that must comply with another party s policy if it is to be granted. Scenarios that require authorization decisions include content advising [23] mobile code execution [11] public key infrastructure [6, 27, 16, 9, 24], and privacy protection [20, 18] Electronic commerce is one class of services in which authorization decisions play a prominent role. Merchants and customers both have valuable resources at risk and must have appropriate policies in place before authorizing access to these resources. An ....

....access control is no longer appropriate. Who made this request may not be a meaningful question the authorizer may not even know the requester, and thus the identity or name of the requester may not help in the authorization decision. The goal of a growing body of work on trust management [4, 5, 9, 7, 3] is to find a more flexible, more distributed approach to authorization. The trust management literature approaches the basic authorization question directly: Does the set C of credentials prove that the request r complies with the set of local security policies P The trust management ....

[Article contains additional citation context not shown here]

C. Ellison, "SPKI Certificate Documentation," http://www.pobox.com/cme/html/spki.html.

....we mean one in which one party submits a request, possibly supported by one or more credentials, that must comply with another party s policy if it is to be granted. Scenarios that require authorization decisions include content advising [25] mobile code execution [11] public key infrastructure [6, 29, 18, 9, 26], and privacy protection [22, 20] Electronic commerce is one class of services in which authorization decisions play a prominent role. Merchants and customers both have valuable resources at risk and must have appropriate policies in place before authorizing access to these resources. An ....

....access control is no longer appropriate. Who made this request may not be a meaningful question the authorizer may not even know the requester, and thus the identity or name of the requester may not help in the authorization decision. The goal of a growing body of work on trust management [4, 5, 9, 7, 3] is to find a more flexible, more distributed approach to authorization. The trust management literature approaches the basic authorization question directly: Does the set C of credentials prove that the request r complies with the set of local security policies P The trust management engine ....

[Article contains additional citation context not shown here]

C. Ellison, "SPKI Certificate Documentation," http://www.pobox.com/~cme/html/spki.html.

....application workloads, while additionally providing security and lease based consistency. The specifics of our implementation are beyond the scope of this position paper; the system is described in detail in [10] 6 Related work SFS s egalitarian namespace is similar in spirit to the SPKI SDSI[3, 12] security infrastructure. In SPKI SDSI, principals are public keys, and every principle acts as a certification authority for its own namespace. SFS effectively treats file systems as public keys. However, because file systems inherently represent a namespace, SFS has no need for special ....

Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. SPKI certificate documentation. Work in progress, from http://www.clark.net/pub/cme/html/spki.html.

....stimulate discussion at a public key infrastructure session of an e commerce conference. In particular, it is not our goal here to put forth new results and proposals. All of the technical material alluded to here has been developed (at AT T Labs and elsewhere) in previous work; please see, e.g. [4, 6, 7, 8] and the references therein for technical development. 2 The Phone book Metaphor and Why It is Flawed It is worth examining the origin of the phone book metaphor and the precise way in which it fails. In fact, this flawed metaphor is as old as public key cryptography itself. In their seminal ....

....database of certificates can be implemented. 3 Infrastructure for Authorization We now give a (partial) list of the infrastructural needs that must be met before digital signatures can be processed by computers on the same scale that paper signatures are now processed by people. Recall that [4, 6, 7, 8] and the references therein present recent and ongoing technical work that addresses some (but not all) of these needs. Expressive Credentials: Instead of certificates that bind users names to verification keys, e commerce needs a much richer and more flexible notion of credentials that ....

C. Ellison, "SPKI Certificate Documentation, " http://www.pobox.com/~cme /html/spki.html

....has influenced our choice of examples in this paper, which include the formation of access control lists (ACLs) certificate based data filtering, and public key infrastructure. There have been many other recent proposals for managing certificates, including PolicyMaker [2] SDSI [7] and SPKI [5]. These systems include only limited support for distributed database operations (to form groups, define access control lists, provide for queries about identity certificates, and so on) But they will need to interface with existing database systems anyway if they are to support some of their ....

Carl M. Ellison, Bill Frantz, Ron Rivest, and Brian M. Thomas. SPKI certificate documentation. http://www.clark.net/pub/cme/html/ spki.html.

....Since then, the notion of a certificate has been expanded to include: Labeling a public key with a label or attribute, such as a nickname, group name, SDSI name, account number, photo, etc. Authorizing a key (or all keys with a given label or name) to do something. The SPKI SDSI effort[1, 6] explores some of these varieties of certificates. In any case, a certificate typically specifies the issuer, the subject, an issue date, and an expiration date. Certificates are an essential component of any infrastructure to support digital signatures. Suppose a signer Alice sends a signed ....

Carl M. Ellison. SPKI certificate documentation. (See http://www.clark.net/pub/cme/html/spki.html), 1998.

....for brevity, it has been called just SPKI or just SDSI, but the reference is now always to the merged design. A SPKI working group of the IETF was formed in 1996 that has continued to refine the design[15] Various RFC s and Internet drafts[8, 9, 10, 11] document this work. Two web sites [20, 7] give further pointers to work on SPKI SDSI. Several MIT EECS Master s theses [13, 19, 6, 5] have studied various algorithmic and implementation aspects of SPKI SDSI. Of most relevance is JeanEmile Elien s master s thesis[6] which focuses on the certificate chain discovery problem and gives an ....

Carl M. Ellison. SPKI certificate documentation. See http://www.pobox.com/~cme/spki.html., 1998.

....for brevity, it has been called just SPKI or just SDSI, but the reference is now always to the merged design. A SPKI working group of the IETF was formed in 1996 that has continued to refine the design[15] Various RFC s and Internet drafts[8, 9, 10, 11] document this work. Two web sites [20, 7] give further pointers to work on SPKI SDSI. Several MIT EECS Master s theses [13, 19, 6, 5] have studied various algorithmic and implementation aspects of SPKI SDSI. Of most relevance is JeanEmile Elien s master s thesis[6] which focuses on the certificate chain discovery problem, and gives an ....

Carl M. Ellison. SPKI certificate documentation. See http://www.clark.net/pub/cme/html/spki.html., 1998.

No context found.

C. M. Ellison. SPKI Certificate Documentation, 1998. http://www.clark.net/pub/cme/html/spki.html

No context found.

Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Yl onen. SPKI certificate documentation. Work in progress, from http://www.pobox. com/cme/html/spki.html, 2002.

No context found.

Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylnen. SPKI certificate documentation. Work in progress, from http://www.pobox. com/~cme/html/spki.html, 2002.

No context found.

Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylnen. SPKI certificate documentation. Work in progress, from http://www.pobox. com/~cme/html/spki.html, 2002.

No context found.

Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. SPKI certificate documentation. Work in progress, from http://www.pobox.com/~cme/html/spki.html.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC