Abstract
For distributed computing systems, specification and enforcement of permissions can be based on a public key infrastructure which deals with public keys for asymmetric cryptography. We review previous approaches and classify them as based on trusted authorities with licencing and dealing with free properties (characterizing attributes including identities), e.g. X.509, or based on owners with delegation dealing with bound properties (including capabilities), e.g., SPKI/ SDSI. These approaches are extended and integrated into a hybrid model which uses protocols to convert free properties into bound properties. Furthermore, we unify licencing and delegation by introducing administrative properties. Secure mediation is taken as an example for a wide range of potential applications.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35697-6_26
Chapter PDF
References
C. Altenschmidt, J. Biskup, U. Flegel and Y. Karabulut. Secure mediation: Requirements, design and architecture. Computer Security (to appear).
P. Bonatti and P. Samarati. Regulating service access and information release on the web. In Proceedings of the Seventh ACM Conference on Computer and Communications Security, pages 134–143, Athens, Greece, 2000.
S. Brands. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge, Massachusetts, 2000.
D. Chaum. Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM, 28 (10): 1030–1044, 1985.
D. Clarke, J. Elfen, C. Ellison, M. Fredette, A. Morcos and R. Rivest. Certificate chain discovery in SPKI/SDSI. Computer Security, 9 (4): 285–322, 2001.
C. Ellison. SPKI/SDSI certificates. http: //world. std. com/ -cme/html/spki. html, 2002.
T. Finin, Y. Labrou and J. Mayfield. KQML as an agent communication language. In J. Bradshaw (ed.), Software Agents. MIT Press, Cambridge, Massachusetts, 1997.
A. Herzberg and Y. Mass. Relying party credentials framework. In D. Naccache (ed.), Topics in Cryptology–CT-RSA 2001, The Cryptographer’s Track at RSA Conference (LNCS 2020), pages 328–343, San Francisco, California, 2001.
ITU-T Recommendation X.509: The directory - Public key and attribute certificate frameworks, 2000.
I. Lehti and P. Nikander. Certifying trust. In Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography, pages 83–98, San Diego, California, 1998.
S. Miller, B. Neuman, J. Schiller and J. Saltzer. Section E.2.1: Kerberos authentification and authorization system. M.I.T. Project Athena. Technical Report, Cambridge, Massachusetts, 1987.
Object Management Group. The CORBA Security Specification. www. omg.org/cgi–bin/doc?formal/2002–03–11,2002.
P. Samarati and S. de Capitani di Vimercati. Access control: Policies, models and mechanisms. In R. Focardi and R. Gorrieri (eds.), Foundations of Security Analysis and Design (LNCS 2171), pages 137–196. Springer, Berlin, Germany, 2000.
K. Seamons, W. Winsborough and M. Winslett. Internet credential acceptance policies. In Proceedings of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium, 1997.
K. Seamons, M. Winslett, T. Yu, B. Smith, E. Child and J. Jacobsen. Protecting privacy during on-line trust negotiation. In Proceedings of the Second Workshop on Privacy Enhancing Technologies, San Francisco, California, 2002.
A. Tanenbaum and M. van Steen. Distributed Systems. Prentice-Hall, Upper Saddle River, New Jersey, 2002
W. Thompson, W. Johnston, S. Mudumbai, G. Hoo, K. Jackson and A. Essiari. Certificate-based access control for widely distributed resources. In Proceedings of the 8th USENIX Security Symposium, Washington D.C., 1999.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Biskup, J., Karabulut, Y. (2003). A Hybrid PKI Model: Application to Secure Mediation. In: Gudes, E., Shenoi, S. (eds) Research Directions in Data and Applications Security. IFIP — The International Federation for Information Processing, vol 128. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35697-6_21
Download citation
DOI: https://doi.org/10.1007/978-0-387-35697-6_21
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6413-0
Online ISBN: 978-0-387-35697-6
eBook Packages: Springer Book Archive