Regular SPKI
Abstract
SPKI is a certificate-based framework for authorisation in distributed systems. The SPKI framework is extended by an iteration construct, essentially Kleene star, to express constraints on delegation chains. Other possible applications, not explored in the paper, include multidomain network routing path constraints. The main decision problems for the extended language are shown to correspond to regular language membership and containment respectively. To support an efficient decision algorithm in both cases we give a sound and complete inference system for a fragment of the language which is decidable in polynomial time. We finally show how to use the extended syntax to represent constrained delegation in SPKI.
Similar resources
Analysis and Application of Accountable Certificate Management
In this paper, we consider the relation of non-repudiation and certificate management. In particular, we analyse a recent proposal by Buldas, Laud and Lipmaa (ACM CCS ’2000) for accountable certificate management and its application for use with SPKI certificates. The main idea of the accountable certificate management model is to provide undeniable attestations about the validity of any partic...
Simple PKI
In this paper we discuss the SPKI standard as an alternative to the current X.509 and OpenPGP standards. The paper starts with a short history of PKI, and assesses the current state and the various flaws in the X.509 and OpenPGP standards. Then the main part of this paper explains the concepts of SPKI, and discusses how SPKI supports various notions of trust. Finally the paper concludes with an...
Language based policy analysis in a SPKI Trust Management System
SPKI/SDSI is a standard for issuing authorization and name certificates. SPKI/SDSI can be used to implement a Trust Management System, where the policy for resource access is distributively specified by multiple trusted entities. Agents in the system need a formal mechanism for understanding the current state of policy. We present a first order temporal logic, called FTPL for specifying propert...
Local Names in SPKI/SDSI
We analyze the notion of “local names” in SPKI/SDSI. By interpreting local names as distributed groups, we develop a simple logic program for SPKI/SDSI’s linked local-name scheme and prove that it is equivalent to the name-resolution procedure in SDSI 1.1 and the 4-tuple-reduction mechanism in SPKI/SDSI 2.0. This logic program is itself a logic for understanding SDSI’s linked local-name scheme an...
Reducing the Dependence of SPKI/SDSI on PKI
Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. Nonetheless, trust-management systems such as KeyNote and SPKI/SDSI have seen limited deployment in the real world. One reason for this is that both systems require a p...
Publication date: 2003