C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Simple Public Key Certificates. Internet Draft (work in progress), 1999.
....either a citizen or an alien residing in the U.S. both legally and permanently. A basic environment cannot capture what it means to be aged, according to Social Security policies. Nevertheless, basic environments seem perfectly adequate for certificate-based permissions in the spirit of SPKI/SDSI [12, 13] and for licenses as described by XrML [10] which assumes a minimal environment containing facts such as the current time and the time of the most recent revocation polling. The second restriction, that equality is not used, is a serious restriction. Without equality, we cannot express threshold ....
....policies cannot be written in safe, stratified Datalog, because the language does not allow negation in the conclusion of rules. This limitation may not seem to be particularly troublesome. After all, the standard approach, used in relational databases [17] as well as by UNIX [35], SPKI/SDSI [34, 13, 12], KeyNote [4] and almost all of the Datalog-based approaches, is to assume that everything that is not explicitly permitted is prohibited. However, it is difficult to believe that most policy makers really want to forbid every action that they do not explicitly permit. Thus, the assumption may be ....
C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Simple public key certificate. At http://world.std.com/~cme/spki.txt, 1999. Internet RFC 2693.
....to give the same rights also to the key of another card. This kind of certificate with which one key delegates access rights to another one is called a delegation certificate. The signing is done with public key cryptography. It is possible to use standard certificate formats and techniques [5, 2]. Unfortunately, this simple procedure is not quite enough; it would result in duplication of the license. After handing over the license, the first card must cease to function as a token. Furthermore, it must never sign another delegation certificate (at least not to delegate the same license) ....
Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. Simple public key certificate. Internet draft, IETF SPKI Working Group, March 1998.
....Both of them were motivated by the inadequacy of public key infrastructures based on global name hierarchies, such as X.509 [39] and Privacy Enhanced Mail (PEM) [43]. Later, SPKI and SDSI merged into a collaborative effort, SPKI/SDSI 2.0, about which the most up to date documents are [23, 25, 26]. The SPKI/SDSI approach shares many views with the trust management approach. For example, it aims at developing a standard form for digital certificates whose main purpose is authorization rather than authentication. However, it does not define an application independent trust management ....
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen, "Simple Public Key Certificate," Internet Draft (Work in Progress), July 1999. http://world.std.com/cme/spki.txt
....certificates between keys. We formalize the concept of a delegation network and present a formal semantics for the delegation. The model is used for proving the equivalence of several methods for access control decisions. In particular, we show that the certificate reduction technique of [5] is sound and complete with respect to our definition of authorization. Theoretical treatment of the topic allows us to focus on the This work has been funded by Helsinki Graduate School in Computer Science and Engineering (HeCSE) and supported by research grants from Academy of Finland. ....
....6, 10] could be adapted for the purpose. However, the calculus was developed before key based systems and it does not directly support anonymous keys in the certificate chain. The three most prominent proposals for distributed trust management on open communications networks are SPKI certificates [5] by Ellison et al., SDSI public key infrastructure [8] by Rivest and Lampson, and PolicyMaker local security policy database [3] by Blaze et al. In the development of our theory, we have most often referred to the SPKI specification. We begin by defining delegation network and discussing ....
Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. SPKI certificate theory, Simple public key certificate, SPKI examples. Internet draft, IETF SPKI Working Group, November 1997.
....case of the X.509 standard [Com89] an identity is represented as a distinguished name, e.g. C=US ST=PA L=Philadelphia O=University of Pennsylvania OU=Department of Computer and Information Science CN=William A. Arbaugh (see Figure 2.2). Whereas in the SPKI/SDSI proposed certificate standard [EFRT97] the identity is represented by a public key or its message digest (see Figure 2.3). Unfortunately, the advantages and disadvantages of each approach are beyond the scope of this introduction. 13 Certificate: Data: Version: 1 (0x0) Serial Number: 830525701 (0x3180d105) Signature Algorithm: ....
....security of the host is maintained through strict enforcement of a physical security policy. The second assumption SANE makes is the existence of a Public Key Infrastructure (PKI). While a PKI is required, no assumptions are made as to the type of PKI, e.g. hierarchical or web of trust [Com89, EFRT97, LR97, Zim95, BFIK98b]. The overall architecture of SANE for a three node network is shown in Figure 7.2. The initialization of each node begins with the bootstrap. Following the successful completion of the bootstrap, the operating system is started which loads a general purpose evaluator, ....
Carl M. Ellison, Bill Frantz, Ron Rivest, and Brian M. Thomas. Simple Public Key Certificate. Work in Progress, April 1997.
....not have RT 0's type 4 credentials, and so RT 0 is more expressive than the current version of SDSI 2.0. Intersections and threshold structures (e.g. those in [8]) can be used to implement one another. Threshold structures may appear in name certificates according to [8] and earlier versions of [9]. This is disallowed in [6] and the most up to date version of [9] because threshold structures are viewed as too complex [6]. Intersections provide similar functionality with simple and clear semantics. Note that a type 2 credential A.r B.r 1 can be represented using a type 1 credential and ....
....than the current version of SDSI 2.0. Intersections and threshold structures (e.g. those in [8]) can be used to implement one another. Threshold structures may appear in name certificates according to [8] and earlier versions of [9]. This is disallowed in [6] and the most up to date version of [9], because threshold structures are viewed as too complex [6]. Intersections provide similar functionality with simple and clear semantics. Note that a type 2 credential A.r B.r 1 can be represented using a type 1 credential and a type 3 credential: A.r 0 B, A.r A.r 0 .r 1 , in which r 0 ....
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. Simple public key certificates. Internet Draft (work in progress), July 1999. http://world.std.com/cme/spki.txt.
....the latter delegatee. A user can access a service, if he/she has the right to do so, or if he/she has been delegated the right by an authorized user, who has the ability to delegate. There has been some work in this area starting with well known models like Simple Public Key Infrastructure (SPKI) [5] and Pretty Good Privacy or PGP [14] to Blaze's Policy Maker [8, 3]. Blaze, who coined the term Distributed Trust Management, tries to solve the trust problem by binding public keys to access control without authentication [8, 3]. His PolicyMaker, given a policy, answers queries about trust. ....
Carl M. Ellison, Bill Frantz, and Brian M. Thomas. Simple public key certificate. Internet document, 1996.
....a policy, answers queries about trust. Though powerful, the policy definition is complicated and not easy to understand for non-programmers who are probably going to develop the policy. The Simple Public Key Infrastructure (SPKI) was the first proposed standard for distributed trust management [12]. This solution, though simple and elegant, only included a rudimentary notion of delegation. Pretty Good Privacy or PGP [40] was developed to enable the sending of secure email without a secure key exchange or a central authority. In PGP, a keyholder (an individual associated with a ....
Carl M. Ellison, Bill Frantz, and Brian M. Thomas. Simple public key certificate. Internet document, 1996.
....have RT 0's type 4 credentials, and so RT 0 is more expressive than the current version of SDSI 2.0. Intersections and threshold structures (e.g. those in [10]) can be used to implement one another. Threshold structures may appear in name certificates according to [10] and earlier versions of [11]. This is disallowed in [8] and the most up to date version of [11] because threshold structures are viewed as too complex [8]. Intersections provide similar functionality with simple and clear semantics. 5 2.2 The Semantics of RT 0 This section presents a non operational semantics of RT 0 . ....
....than the current version of SDSI 2.0. Intersections and threshold structures (e.g. those in [10]) can be used to implement one another. Threshold structures may appear in name certificates according to [10] and earlier versions of [11]. This is disallowed in [8] and the most up to date version of [11], because threshold structures are viewed as too complex [8]. Intersections provide similar functionality with simple and clear semantics. 5 2.2 The Semantics of RT 0 This section presents a non operational semantics of RT 0 . Given a set C of RT 0 credentials, we define a map S C : Roles ....
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. Simple Public Key Certificates. Internet Draft (Work in Progress), July 1999. http://world.std.com/cme/spki.txt.
....and the encoded certificates are usually large. While the V3 specification eliminates most of the problems above, the remaining ones prevent its use. Because of the limits and problems with the X.509 certificate standard, we use a subset of the proposed SDSI/SPKI 2.0 certificate structure [16][15] instead. The SDSI/SPKI format does not suffer from the same problems as X.509, and it offers additional functionality. 3.1.1 SDSI/SPKI Lite Since the SDSI/SPKI standard is still under development, we have chosen to support the small subset of SDSI/SPKI needed for AEGIS. We call this subset ....
C. M. Ellison, B. Frantz, R. Rivest, and B. M. Thomas. Simple Public Key Certificate. Work in Progress, April 1997.
....have RT0's type 4 credentials, and so RT0 is more expressive than the current version of SDSI 2.0. Intersections and threshold structures (e.g. those in [10]) can be used to implement one another. Threshold structures may appear in name certificates according to [10] and earlier versions of [11]. This is disallowed in [8] and the most up to date version of [11] because threshold structures are viewed as too complex [8]. Intersections provide similar functionality with simple and clear semantics. 2.2 The Semantics of RT0 This section presents a non operational semantics of RT0 . Given ....
....than the current version of SDSI 2.0. Intersections and threshold structures (e.g. those in [10]) can be used to implement one another. Threshold structures may appear in name certificates according to [10] and earlier versions of [11]. This is disallowed in [8] and the most up to date version of [11], because threshold structures are viewed as too complex [8]. Intersections provide similar functionality with simple and clear semantics. 2.2 The Semantics of RT0 This section presents a non operational semantics of RT0 . Given a set C of RT0 credentials, we define a map S C : Roles # ....
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. Simple Public Key Certificates. Internet Draft (Work in Progress), July 1999. http://world.std.com/cme/spki.txt.
....When a listener receives the RF message, it measures the time until it receives the ultrasound pulse. The listener determines its distance to the beacon using the time difference. 4 Proxy to Proxy Protocol SPKI/SDSI (Simple Public Key Infrastructure/Simple Distributed Security Infrastructure) [7, 22] is a security infrastructure that is designed to facilitate the development of scalable, secure, distributed computing systems. SPKI/SDSI provides fine-grained access control using a local name space architecture and a simple, flexible, trust policy model. SPKI/SDSI is a public key ....
....2. If the client requests access to a protected resource, the server responds with the ACL protecting the resource 5 and the tag formed from the client's request. A tag is a SPKI/SDSI data structure which represents a set of requests. There are examples of tags in the SPKI/SDSI IETF drafts [7]. If there is no ACL protecting the requested resource, the request is immediately honored. 3. a) The client proxy generates a chain of certificates using the SPKI/SDSI certificate chain discovery algorithm [4, 3]. This certificate chain provides a proof of authorization that the user's key is ....
C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Simple Public Key Certificate. The Internet Society, July 1999. See http://world.std.com/cme/spki.txt.
No context found.
C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Simple Public Key Certificates. Internet Draft (work in progress), 1999.
No context found.
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: Simple Public Key Certificates. Internet Draft (work in progress) (1999)
No context found.
C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Simple public key certificates. Internet Draft (work in progress), July 1999.
No context found.
C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylonen. Simple Public Key Certificate, Internet draft, March 1998.
No context found.
C. M. Ellison, B. Frantz, B. Lampson, R. L. Rivest, B. M. Thomas, and T. Ylonen. Simple public key certificate. http://world.std.com/cme/html/spki.html, July 1999.
No context found.
C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Simple Public Key Certificates. Internet Draft (work in progress), 1999.
No context found.
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. Simple public key certificates. Internet Draft (work in progress), July 1999. Available at http://world.std.com/cme/spki.txt.
No context found.
Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. Simple Public Key Certificate. IETF Internet Draft, July 1999.
No context found.
C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylonen, "Simple Public Key Certificate," Internet Draft draft-ietf-spki-cert-structure-05.txt, 1998.
No context found.
C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen, "Simple public key certificate," Internet Draft draft-ietf-spki-cert-structure-06, Internet Engineering Task Force, Jan. 1999. See http://world.std.com/~cme/spki.txt.
No context found.
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. Simple public key certificates. Internet Draft (work in progress), July 1999. http://world.std.com/cme/spki.txt.
No context found.
C. M. Ellison, B. Frantz, R. Rivest, B. M. Thomas, and T. Ylonen. Simple Public Key Certificate. Work in Progress, http://www.pobox.com/~cme/html/spki.html, April 1997.
No context found.
Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, and Tatu Ylonen. Simple public key certificates. Internet Draft (work in progress), July 1999. http://world.std.com/cme/spki.txt.
CiteSeer.IST - Copyright Penn State and NEC