Using SPKI/SDSI for Distributed Maintenance of Attribute Release Policies in Shibboleth

The Shibboleth middleware from Internet2 provides a way for users at higher-education institutions to access remote electronic content in compliance with the inter-institutional license agreements that govern such access. To protect end-user privacy, Shibboleth permits users to construct attribute release policies that control what user credentials a given content provider can obtain. However, Shibboleth leaves unspecified how to construct these policies. To be effective, a solution needs to accommodate the typical nature of a university: a set of decentralized fiefdoms. This need argues for a public-key infrastructure (PKI) approach—since public-key cryptography does not require parties to agree on a secret beforehand, and parties distributed throughout the institution are unlikely to agree on anything. However, this need also argues against the strict hierarchical structure of traditional PKI—policy in different fiefdoms will be decided differently, and originate within the fiefdom, rather than from an overall root. This paper presents our design and prototype of a system that uses the decentralized public-key framework of SPKI/SDSI to solve this problem.