Extending the SDSI / SPKI Model through Federation Webs

  • Altair Olivo Santin
  • Joni da Silva Fraga
  • Carlos Maziero
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2828)


Classic security systems use a trust model centered on the authentication procedure, which depends on a naming service. Even when using a Public Key Infrastructure such as X.509, such systems do not scale easily and can become single points of failure or performance bottlenecks. Newer systems such as SDSI/SPKI, whose trust paradigm is focused on the client and based on authorization chains, are much more scalable. However, they present some difficulty in locating the chain that links the client to a given server. This paper defines extensions to the SDSI/SPKI authorization and authentication model that allow the client to build new chains linking it to a server when the corresponding path does not exist.


Keywords: Trust Model; Trust Relationship; Trust Management; Certification Authority; Public Certificate



Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Altair Olivo Santin (1, 2)
  • Joni da Silva Fraga (1)
  • Carlos Maziero (2)

  1. DAS/CTC/UFSC, Federal University of Santa Catarina, Florianópolis, Brazil
  2. PPGIA/CCET/PUCPR, Pontifical Catholic University of Paraná, Curitiba, Brazil
