B. Lampson and R. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure. Technical report, MIT, 1997.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....on to other entities) Authorization (a specification of the power that the issuer is conferring on the subject) and Validity dates. The SPKI certificate format is compatible with the Simple Distributed Security Infrastructure (SDSI) local names format proposed by Rivest and Lampson [LR97] and Ellison et al. EFR 97] explain how to integrate the two. The SPKI documentation [EFR 97] states that The processing of certificates and related objects to yield an authorization result is the province of the developer of the application or system. The processing plan presented ....

B. Lampson and R. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure. Technical report, MIT, 1997.

....possibly supported by one or more credentials, that must comply with another party s policies if it is to be granted. Scenarios that require authorization decisions include electronic commerce, health care [2, 7] content advising [28] mobile code execution [12] public key infrastructure [9, 30, 19, 11, 27], and privacy protection [24, 23] Authorization in Internet services is significantly different from authorization in centralized systems or even in distributed systems that are closed or relatively small. In these older settings, authorization of a request is divided into authentication ( who ....

....structure. This threshold structure supports a base atom if at least two principals among the threshold pool [cardA, cardB, cardC] support . out of threshold functions are common in many existing authorization systems, e.g. PolicyMaker [6, 8] KeyNote [5] SPKI SDSI [11, 27], and Delegation Networks [3] Such threshold structures introduce fault tolerance and aid flexibility in joint authorization. A static unweighted threshold structure expresses such thresholding for explicit cases where the threshold value and threshold pool are explicit constants. 5. A static ....

R. Rivest and B. Lampson, "Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure," http://theory.lcs.mit.edu/cis/sdsi.html .

....possibly supported by one or more credentials, that must comply with another party s policies if it is to be granted. Scenarios that require authorization decisions include electronic commerce, health care [2, 7] content advising [28] mobile code execution [12] public key infrastructure [9, 30, 19, 11, 27], and privacy protection [24, 23] Authorization in Internet services is significantly different from authorization in centralized systems or even in distributed systems that are closed or relatively small. In these older settings, authorization of a request is divided into authentication ( who ....

....threshold structure. This threshold structure supports a base atom ba if at least two principals among the threshold pool [cardA, cardB, cardC] support ba. k out of n threshold functions are common in many existing authorization systems, e.g. PolicyMaker [6, 8] KeyNote [5] SPKI SDSI [11, 27], and Delegation Networks [3] Such threshold structures introduce fault tolerance and aid flexibility in joint authorization. A static unweighted threshold structure expresses such thresholding for explicit cases where the threshold value and threshold pool are explicit constants. 5. A static ....

R. Rivest and B. Lampson, "Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure," http://theory.lcs.mit.edu/cis/sdsi.html.

....mean one in which one party submits a request, possibly supported by one or more credentials, that must comply with another party s policy if it is to be granted. Scenarios that require authorization decisions include content advising [23] mobile code execution [11] public key infrastructure [6, 27, 16, 9, 24], and privacy protection [20, 18] Electronic commerce is one class of services in which authorization decisions play a prominent role. Merchants and customers both have valuable resources at risk and must have appropriate policies in place before authorizing access to these resources. An ....

R. Rivest and B. Lampson, "Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure," http://theory.lcs.mit.edu/cis/sdsi.html.

....we mean one in which one party submits a request, possibly supported by one or more credentials, that must comply with another party s policy if it is to be granted. Scenarios that require authorization decisions include content advising [25] mobile code execution [11] public key infrastructure [6, 29, 18, 9, 26], and privacy protection [22, 20] Electronic commerce is one class of services in which authorization decisions play a prominent role. Merchants and customers both have valuable resources at risk and must have appropriate policies in place before authorizing access to these resources. An ....

R. Rivest and B. Lampson, "Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure," http://theory.lcs.mit.edu/~cis/sdsi.html.

....security of the host is maintained through strict enforcement of a physical security policy. The second assumption SANE makes is the existence of a Public Key Infrastructure (PKI) While a PKI is required, no assumptions are made as to the type of PKI, e.g. hierarchical or web of trust. Com89, LR97, Zim95, BFIK98, BFIK99] The overall architecture of SANE for a three node network is shown in Figure 2. The initialization of each node begins with the bootstrap. Following the sucessful completion of the bootstrap, the operating system is started which loads a general purpose evaluator, e.g. a ....

B. Lampson and R. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure. Technical report, MIT, 1997.

....on to other entities) Authorization (a specification of the power that the issuer is conferring on the subject) and Validity dates. The SPKI certificate format is compatible with the Simple Distributed Security Infrastructure (SDSI) local names format proposed by Rivest and Lampson [LR97] and Ellison et al. EFR 97] explain how to integrate the two. The SPKI documentation [EFR 97] states that The processing of certificates and related objects to yield an authorization result is the province of the developer of the application or system. The processing plan presented here ....

B. Lampson and R. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure. Technical report, MIT, 1997.

....for brevity, it has been called just SPKI or just SDSI, but the reference is now always to the merged design. A SPKI working group of the IETF was formed in 1996 that has continued to re ne the design[20] Various RFC s and Internet drafts[10, 12, 13, 14] document this work. Two web sites [27, 11] give further pointers to work on SPKI SDSI. Several MIT EECS Master s theses [16, 26, 9, 8, 24] have studied various algorithmic and implementation aspects of SPKI SDSI. Of most relevance is JeanEmile Elien s master s thesis[9] which focuses on the certi cate chain discovery problem and gives ....

Ronald L. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure (SDSI). See http://theory.lcs.mit.edu/~cis/sdsi.html., 1996.

....for brevity, it has been called just SPKI or just SDSI, but the reference is now always to the merged design. A SPKI working group of the IETF was formed in 1996 that has continued to refine the design[15] Various RFC s and Internet drafts[8, 9, 10, 11] document this work. Two web sites [20, 7] give further pointers to work on SPKI SDSI. Several MIT EECS Master s theses [13, 19, 6, 5] have studied various algorithmic and implementation aspects of SPKI SDSI. Of most relevance is JeanEmile Elien s master s thesis[6] which focuses on the certificate chain discovery problem and gives an ....

Ronald L. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure (SDSI). See http://theory.lcs.mit.edu/~cis/sdsi.html., 1996.

....for brevity, it has been called just SPKI or just SDSI, but the reference is now always to the merged design. A SPKI working group of the IETF was formed in 1996 that has continued to refine the design[15] Various RFC s and Internet drafts[8, 9, 10, 11] document this work. Two web sites [20, 7] give further pointers to work on SPKI SDSI. Several MIT EECS Master s theses [13, 19, 6, 5] have studied various algorithmic and implementation aspects of SPKI SDSI. Of most relevance is JeanEmile Elien s master s thesis[6] which focuses on the certificate chain discovery problem, and gives an ....

Ronald L. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure (SDSI). See http://theory.lcs.mit.edu/~cis/sdsi.html., 1996.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC