Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. Nonetheless, trust-management systems such as KeyNote and SPKI/SDSI have seen limited deployment in the real world. One reason for this is that both systems require a public-key infrastructure (PKI) for authentication, and PKI has proven difficult to deploy, because each user is required to manage his/her own private/public key pair. The key insight of our work is that issuance of certificates in trust-management systems, a task that usually requires public-key cryptography, can be achieved using secret-key cryptography as well. We demonstrate this concept by showing how SPKI/SDSI can be modified to use Kerberos, a secret-key-based authentication system, to issue SPKI/SDSI certificates. The resulting trust-management system retains all the capabilities of SPKI/SDSI, but is much easier to use because a public key is required only for each SPKI/SDSI server and no longer for every user. Moreover, because Kerberos is already well established, our approach makes SPKI/SDSI-based trust-management systems easier to deploy in the real world.