Abstract
Classic security systems use a trust model centered on the authentication procedure, which depends on a naming service. Even when using a Public Key Infrastructure such as X.509, such systems do not scale easily and can become single points of failure or performance bottlenecks. Newer systems such as SDSI/SPKI, with a trust paradigm focused on the client and based on authorization chains, are much more scalable. However, they present some difficulty in locating the chain linking the client to a given server. This paper defines extensions to the SDSI/SPKI authorization and authentication model that allow the client to build new chains linking it to a server when the corresponding path does not exist.
This project has been partially supported by the Brazilian Research Council - CNPq, under the grant 552175/2001-3.
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Santin, A.O., da Silva Fraga, J., Maziero, C. (2003). Extending the SDSI / SPKI Model through Federation Webs. In: Lioy, A., Mazzocchi, D. (eds) Communications and Multimedia Security. Advanced Techniques for Network and Data Protection. CMS 2003. Lecture Notes in Computer Science, vol 2828. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45184-6_11
DOI: https://doi.org/10.1007/978-3-540-45184-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20185-4
Online ISBN: 978-3-540-45184-6
eBook Packages: Springer Book Archive