Lampson, B., Rivest, R. L.: A Simple Distributed Security Infrastructure (1996). URL http://theory.lcs.mit.edu/~cis/sdsi.html, Last access on Jun, 2003.
....for symmetric key encryption and RSA for asymmetric key encryption. A complete system would support a variety of encryption algorithms. OceanStore relies on the availability of a public key infrastructure (PKI) for access to a small number of keys. The keys map to root directories in a SDSI-style [19] security infrastructure. From a root directory in this infrastructure, a principal can locate all other keys and GUIDs it requires through recursive scan. For access control, each object has an associated access control list (ACL). ACLs are regular OceanStore objects that contain specialized ....
R. Rivest and B. Lampson. SDSI - A simple distributed security infrastructure. Manuscript, 1996.
....designed and implemented as a prototype. A security module for the MMM is being constructed under the following requirements: implement the design [5] as outlined above, smoothly integrate the security features into the functionalities of the MMM prototype [1], meet emerging standards [17, 25, 24] for credentials. In this paper, we present and discuss the architecture of this security module emphasizing the following original contributions: an authorization model that allows to consider credentials as grantees, to be used for representing the query access authorizations of the ....
....[Figure 1: Functional architecture of the Multimedia Mediator] 2.2 Authorization model. Credentials [17, 25, 12, 9, 24, 8] are powerful means to receive and to present assured digital certificates about a wide range of personal properties. Such properties may include the ownership of a public key (and the corresponding secret key) for an asymmetric cryptographic scheme, a unique identification for authentication, ....
[Article contains additional citation context not shown here]
R. L. Rivest and B. Lampson. A simple distributed security infrastructure (SDSI). http://theory.lcs.mit.edu/~cis/sdsi.html, 1998.
....characterization of SDSI name resolution. The semantics is shown to be closely related to that of logic programs, leading to an approach to the efficient implementation of queries concerning local names. A complete axiomatization of the logic is also provided. 1 Introduction. Rivest and Lampson [RL96] introduced SDSI, a Simple Distributed Security Infrastructure, to facilitate the construction of secure systems. In SDSI, principals (agents) are identified with public keys. In addition to principals, SDSI allows other names, such as poker buddies. Rather than having a global name space, these ....
....his bindings to other principals. Thus, Ron may receive a message from the principal he names Joe describing a set of principals Joe associates with poker buddies. Ron may then refer to the principals Joe associates with poker buddies by the expression Joe's poker buddies. Rivest and Lampson [RL96] give an operational account of local names; they provide a name-resolution algorithm that, given a principal k and a name n, computes the set of principals associated with n according to k. Abadi [Aba98] has provided a logic that, among other things, gives a more semantic account of local names. ....
[Article contains additional citation context not shown here]
R.L. Rivest and B. Lampson. SDSI - a simple distributed security infrastructure. at http://theory.lcs.mit.edu/cis/sdsi.html, 1996.
....(respect. "who owns the private key that corresponds to the public key") rather they need to know "is the signer authorized to do what she wants to do". The most important credential proposals are SPKI (Simple Public Key Infrastructure) [9], SDSI (A Simple Distributed Security Infrastructure) [11], PolicyMaker [7] and KeyNote [6]. In the following we will give a short overview of these proposals. PolicyMaker: An essential goal of this trust management approach is to build a general-purpose, application-independent system for checking proofs of compliance. This approach frames the question ....
....in a mediation environment use the same credential based PKI respectively same implementation of these PKIs. While a participant (e.g. an information source) uses PolicyMaker [7] system to define its security policy, another participant (e.g. a client) may own credentials based on SPKI/SDSI [9, 11] proposal. Even if the participants use credentials based on the same proposal, the code to generate credentials could be written by different developers. This may lead to a number of constraints on the structures and encoding of credentials. Due to heterogeneity, the formats of the credentials ....
R. L. Rivest and B. Lampson. A simple distributed security infrastructure (SDSI). http://theory.lcs.mit.edu/~cis/sdsi.html, 1998.
....certificates, validation and revocation. Simple Public Key Infrastructure (SPKI) is a proposal for a Public Key Infrastructure (PKI) that would be more flexible than X.509 and free from the requirement of a global, trusted Certification Authority hierarchy. It has adopted many ideas from the SDSI [18, 17] and PolicyMaker [3] prototype systems. IETF is developing SPKI, and so far it has reached the experimental status. SPKI was designed to support certificate based authorisation. It can be used to certify identity, as well, but unlike X.509 and other name oriented systems, SPKI uses cryptographic ....
Ronald L. Rivest and Butler Lampson. SDSI - A simple distributed security infrastructure. In Proceedings of the 1996 Usenix Security Symposium, 1996.
....certificates, validation and revocation. Simple Public Key Infrastructure (SPKI) is a proposal for a Public Key Infrastructure (PKI) that would be more flexible than X.509 and free from the requirement of a global, trusted Certification Authority hierarchy. It has adopted many ideas from the SDSI [18, 17] and PolicyMaker [3] prototype systems. IETF is developing SPKI, and so far it has reached the experimental status. SPKI was designed to support certificate based authorisation. It can be used to certify identity, as well, but unlike X.509 and other name oriented systems, SPKI uses cryptographic ....
Ronald L. Rivest and Butler Lampson. SDSI - A simple distributed security infrastructure. (see SDSI web page at http://theory.lcs.mit.edu/cis/sdsi.html).
....according to the type of communication in which we wish to participate. For instance, Jane Mobile may have a different user name and password for her office email system, home email, office voice mail, home voice mail, cell phone voice mail and instant messaging system, all of which she uses regularly in different situations. Second, it is time consuming to ensure that those who wish to reach us online have our current, most appropriate contact information. To be reachable easily, Jane Mobile needs to make sure we have all of her phone numbers, email addresses and other online identifiers. The ....
....minute to minute personal tracking, lack long term perspective. They invariably assume that Dan Sender, in the example above, always has a way to name Jane, and that he can easily find her tracking mechanism. Unfortunately, these assumptions are too optimistic. On one hand, people in the online world do not have unambiguous names. Dan cannot just lookup Jane Mobile and be sure to find the right person; even with a small fraction of the world population online, our first and last names are not unique identifiers. On the other hand, application-, device-, or network-specific identifiers commonly ....
[Article contains additional citation context not shown here]
Ronald R. Rivest and Butler Lampson. A simple distributed security infrastructure (SDSI). http://www.toc.lcs.mit.edu/ cis/sdsi.html.
....a PKI proposal called Simple Public Key Infrastructure (SPKI) [11, 10]. SPKI is more flexible than X.509 [4] and free from the requirement of a global, trusted Certification Authority (CA) hierarchy. Any entity having a private key may issue certificates. SPKI has adopted ideas from the SDSI [26, 25] and PolicyMaker [3] prototype systems. [13] SPKI was designed to support certificate based authorisation. Just about any trust relationship can be described using SPKI certificates; thus policy rules can be expressed and permissions can be granted in the form of certificates. Now, authorisation ....
Ronald L. Rivest and Butler Lampson. SDSI - A simple distributed security infrastructure. In Proceedings of the 1996 Usenix Security Symposium, 1996.
....a PKI proposal called Simple Public Key Infrastructure (SPKI) [11, 10]. SPKI is more flexible than X.509 [4] and free from the requirement of a global, trusted Certification Authority (CA) hierarchy. Any entity having a private key may issue certificates. SPKI has adopted ideas from the SDSI [26, 25] and PolicyMaker [3] prototype systems. [13] SPKI was designed to support certificate based authorisation. Just about any trust relationship can be described using SPKI certificates; thus policy rules can be expressed and permissions can be granted in the form of certificates. Now, authorisation ....
Ronald L. Rivest and Butler Lampson. SDSI - A simple distributed security infrastructure. (See SDSI web page at http://theory.lcs.mit.edu/cis/sdsi.html).
....with the supplier beforehand. The latter forbids deployment of merely identity based identification approaches as traditionally used in federated database systems. 3 Secure mediated querying protocol. A secure mediation environment is based on a public key infrastructure and digital credentials [11, 28, 17]. In this environment clients have to provide evidence that they are eligible for requested information, and sources have to maintain mechanisms to inspect such evidence and to decide whether and which information is delivered. We assume that there are trusted third parties (TTPs) trusted by all ....
R. L. Rivest and B. Lampson. A simple distributed security infrastructure (SDSI). http://theory.lcs.mit.edu/~cis/sdsi.html, 1998.
....control is identity based. The identity of a user registered in advance determines the groups or roles to which the user belongs respectively she can play, and ultimately what she is privileged to do. In mediator systems both the authentication and access control are based on the credentials [6, 13, 9] of spontaneous users. The credentials (e.g. driving licence, group membership card) provide evidence of user's eligibility. The security policies of the information sources with respect to confidentiality relate sets of credential attributes to the amounts of data allowed for delivering. The ....
....non repudiation and availability. In our previous works [2, 3] we have discussed the security requirements for mediation and presented our approaches towards satisfying them, with an emphasis on confidentiality and authenticity. In our basic approach we have combined the concepts of credentials [6, 13, 9] for authentic authorization with some kind of anonymity, and of asymmetric encryption, for confidentiality. We have also extended our approach to include additional mechanisms like digital signatures and fingerprints. Additionally, we have proposed to use the role based security enforcement for ....
[Article contains additional citation context not shown here]
R. L. Rivest and B. Lampson. A simple distributed security infrastructure (SDSI). http://theory.lcs.mit.edu/~cis/sdsi.html, 1998.
....the details of particular signature schemes are not important here. For convenience and brevity, we say that a message was signed by a public key K_i when we really mean that it was signed by the secret key whose corresponding public key is K_i. 2 SPKI/SDSI History. In 1996 Lampson and Rivest [28] proposed a new public key infrastructure, called a Simple Distributed Security Infrastructure, abbreviated SDSI, and pronounced sudsy. Its most interesting feature is probably its decentralized name space. In SDSI, the owner of each public key can create a local name space relative to that ....
....the authorization scheme. It will be easier to understand the issues arising in the full SPKI/SDSI scheme once the naming subsystem is fully understood. In SPKI/SDSI there is a local name space associated with every public key. There are no global names in SPKI/SDSI. The first version of SDSI [28] did have global names; these were eliminated in the merger of SDSI with SPKI. A local name is a pair consisting of a public key and an arbitrary identifier. A public key can sign statements (certificates) binding one of its local names to a value. Values can be specified indirectly in terms of ....
Ronald L. Rivest and Butler Lampson. SDSI - a simple distributed security infrastructure. See http://theory.lcs.mit.edu/~rivest/sdsi10.ps., August 1996.
No context found.
Lampson, B., Rivest, R. L.: A Simple Distributed Security Infrastructure (1996). URL http://theory.lcs.mit.edu/~cis/sdsi.html, Last access on Jun, 2003.
No context found.
R. Rivest and B. Lampson. Simple Distributed Security Infrastructure, http://theory.lcs.mit.edu/~rivest/sdsi.ps, 1996.
No context found.
Rivest, R. L.; Lampson, B. (1998). A Simple Distributed Security Infrastructure (SDSI). http://theory.lcs.mit.edu/~cis/sdsi.html.