A Formal Semantics for SPKI
Authors
Abstract
We extend the logic and semantics of authorization due to Abadi, Lampson, et al. to support restricted delegation. Our formal model provides a simple interpretation for the variety of constructs in the Simple Public Key Infrastructure (SPKI), and lends intuition about possible extensions. We discuss both extensions that our semantics supports and extensions that it cautions against.
Similar resources
A Semantics and a Calculi for Reasoning about Credential-based Systems
Reasoning about credential-based systems such as SDSI, SPKI is one of today’s security challenges. The representation and reasoning problem for this (simple) public key infrastructure is challenging: we need to represent permissions, naming and identities of agents and complex naming constructions (Blackburn’s office-mate is M4M’s PC-Chair’s Colleague), then we need to reason about intervals of...
Reducing the Dependence of Trust-Management Systems on PKI
Trust-management systems address the authorization problem in distributed systems by defining a formal language for expressing authorization and access-control policies, and relying on an algorithm to determine when a specific request can be granted. For authorization in distributed systems, trust-management systems offer several advantages over other approaches, such as support for delegation a...
Language based policy analysis in a SPKI Trust Management System
SPKI/SDSI is a standard for issuing authorization and name certificates. SPKI/SDSI can be used to implement a Trust Management System, where the policy for resource access is distributively specified by multiple trusted entities. Agents in the system need a formal mechanism for understanding the current state of policy. We present a first order temporal logic, called FTPL for specifying propert...
A Logical Reconstruction of SPKI
SPKI/SDSI is a proposed public key infrastructure standard that incorporates the SDSI public key infrastructure. SDSI’s key innovation was the use of local names. We previously introduced a Logic of Local Name Containment that has a clear semantics and was shown to completely characterize SDSI name resolution. Here we show how our earlier approach can be extended to deal with a number of key fe...
On the Structure of Delegation Networks
In new distributed, key-oriented access control systems such as SPKI, access rights are delegated by a freely formed network of certificates. We formalize the concept of a delegation network and present a formal semantics for the delegation of access rights with certificates. The certificates can have multiple subjects who must co-operate to use the authority. Some fundamental properties of the ...