RFC2693: SPKI Certificate Theory1999 RFC
Skip Abstract Section
Abstract
The SPKI Working Group has developed a standard form for digital certificates whose main purpose is authorization rather than authentication. These structures bind either names or explicit authorizations to keys or other objects. The binding to a key can be directly to an explicit key, or indirectly through the hash of the key or a name for it. The name and authorization structures can be used separately or together. We use S-expressions as the standard format for these certificates and define a canonical form for those S-expressions. As part of this development, a mechanism for deriving authorization decisions from a mixture of certificate types was developed and is presented in this document.
RFC Downloads
ZIP
Cited By
- Kortesniemi Y, Lagutin D, Elo T, Fotiou N and Nardone R (2019). Improving the Privacy of IoT with Decentralised Identifiers (DIDs), Journal of Computer Networks and Communications, 2019, Online publication date: 1-Jan-2019.
- Frattolillo F (2018). Watermarking protocols, International Journal of Information Security, 17:5, (587-601), Online publication date: 1-Oct-2018.
- Liu Y Logic programming applications Declarative Logic Programming, (519-548)
Pieczul O, Foley S and Zurko M Developer-centered security and the symmetry of ignorance Proceedings of the 2017 New Security Paradigms Workshop, (46-56)- Taly A and Shankar A Distributed Authorization in Vanadium Tutorial Lectures on Foundations of Security Analysis and Design VIII - Volume 9808, (139-162)
- Frattolillo F (2016). A Buyer-Friendly and Mediated Watermarking Protocol for Web Context, ACM Transactions on the Web, 10:2, (1-28), Online publication date: 25-May-2016.
- Hallett J and Aspinall D AppPAL for Android Proceedings of the 8th International Symposium on Engineering Secure Software and Systems - Volume 9639, (216-232)
- Kuppusamy T, Torres-Arias S, Diaz V and Cappos J Diplomat Proceedings of the 13th Usenix Conference on Networked Systems Design and Implementation, (567-581)
- Saini M, Alelaiwi A and Saddik A (2015). How Close are We to Realizing a Pragmatic VANET Solution? A Meta-Survey, ACM Computing Surveys, 48:2, (1-40), Online publication date: 21-Nov-2015.
- Kumar N and Shyamasundar R Labelled mobile ambients model for information flow security in distributed systems Proceedings of the 8th International Conference on Security of Information and Networks, (330-337)
- Abdi S and Herbert J An algorithm for distributed certificate chain discovery in open environments Proceedings of the 30th Annual ACM Symposium on Applied Computing, (2292-2298)
- Chapin P and Skalka C (2014). SpartanRPC, ACM Transactions on Information and System Security, 17:2, (1-30), Online publication date: 17-Nov-2014.
- Molina-Markham A, Peterson R, Skinner J, Yun T, Golla B, Freeman K, Peters T, Sorber J, Halter R and Kotz D Amulet Proceedings of the 1st Workshop on Mobile Medical Applications, (16-21)
- Tran N, Chiang F and Li J (2012). Efficient cooperative backup with decentralized trust management, ACM Transactions on Storage, 8:3, (1-25), Online publication date: 1-Sep-2012.
- Claycomb W, Shin D and Ahn G (2012). Enhancing directory virtualization to detect insider activity, Security and Communication Networks, 5:8, (873-886), Online publication date: 1-Aug-2012.
- Vimercati S, Foresti S, Jajodia S, Paraboschi S, Psaila G and Samarati P (2012). Integrating trust management and access control in data-intensive Web applications, ACM Transactions on the Web, 6:2, (1-43), Online publication date: 1-May-2012.
- Shin D, Wang Y and Claycomb W A policy-based decentralized authorization management framework for cloud computing Proceedings of the 27th Annual ACM Symposium on Applied Computing, (465-470)
- Coleman N Distributed policy specification and interpretation with classified advertisements Proceedings of the 14th international conference on Practical Aspects of Declarative Languages, (198-211)
- Jacobson V, Smetters D, Thornton J, Plass M, Briggs N and Braynard R (2012). Networking named content, Communications of the ACM, 55:1, (117-124), Online publication date: 1-Jan-2012.
- Zhu Y and Nakao A Content-oriented transport protocol Proceedings of the 7th Asian Internet Engineering Conference, (104-111)
- Wojtczak D Trust metrics for the SPKI/SDSI authorisation framework Proceedings of the 9th international conference on Automated technology for verification and analysis, (168-182)
- Ghodsi A, Koponen T, Rajahalme J, Sarolahti P and Shenker S Naming in content-oriented architectures Proceedings of the ACM SIGCOMM workshop on Information-centric networking, (1-6)
- Schlegel R, Kapadia A and Lee A Eyeing your exposure Proceedings of the Seventh Symposium on Usable Privacy and Security, (1-14)
- Schneider F, Walsh K and Sirer E (2011). Nexus authorization logic (NAL), ACM Transactions on Information and System Security, 14:1, (1-28), Online publication date: 1-May-2011.
- Foley S, Adams W and O'Sullivan B Aggregating trust using triangular norms in the keynote trust management system Proceedings of the 6th international conference on Security and trust management, (100-115)
- Esmaeeli A and Shahriari H Privacy protection of grid service requesters through distributed attribute based access control model Proceedings of the 5th international conference on Advances in Grid and Pervasive Computing, (573-582)
- Jacobson V, Smetters D, Thornton J, Plass M, Briggs N and Braynard R Networking named content Proceedings of the 5th international conference on Emerging networking experiments and technologies, (1-12)
- Goodloe A and Gunter C Completeness of discovery protocols Proceedings of the 2nd ACM workshop on Assurable and usable security configuration, (29-36)
- Liu Y and Stoller S (2009). From datalog rules to efficient programs with time and space guarantees, ACM Transactions on Programming Languages and Systems, 31:6, (1-38), Online publication date: 1-Aug-2009.
- Huraj L and Siládi V Authorization through trust chains in ad hoc grids Proceedings of the 2009 Euro American Conference on Telematics and Information Systems: New Opportunities to increase Digital Citizenship, (1-4)
- Marcon A, Santin A, de Paula Lima L and Stihler M Policy management architecture based on provisioning model and authorization certificates Proceedings of the 2009 ACM symposium on Applied Computing, (1594-1598)
- Liu W, Aggarwal S and Duan Z Incorporating accountability into internet email Proceedings of the 2009 ACM symposium on Applied Computing, (875-882)
- Burnside M and Keromytis A Path-Based Access Control for Enterprise Networks Proceedings of the 11th international conference on Information Security, (191-203)
- Herzberg A and Jbara A (2008). Security and identification indicators for browsers against spoofing and phishing attacks, ACM Transactions on Internet Technology, 8:4, (1-36), Online publication date: 1-Sep-2008.
- Chapin P, Skalka C and Wang X (2008). Authorization in trust management, ACM Computing Surveys, 40:3, (1-48), Online publication date: 1-Aug-2008.
- Halpern J and Weissman V (2008). Using First-Order Logic to Reason about Policies, ACM Transactions on Information and System Security, 11:4, (1-41), Online publication date: 1-Jul-2008.
- Ylitalo J, Melén J, Salmela P and Petander H An experimental evaluation of a HIP based network mobility scheme Proceedings of the 6th international conference on Wired/wireless internet communications, (139-151)
- Wang X, Feng D, Xu Z and Hu H Mediator-free secure policy interoperation of exclusively-trusted multiple domains Proceedings of the 4th international conference on Information security practice and experience, (248-262)
- Tran D, Chiang F and Li J Friendstore Proceedings of the 1st Workshop on Social Network Systems, (37-42)
- Bouajjani A, Esparza J, Schwoon S and Suwimonteerabuth D SDSIrep Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems, (501-516)
- Wilson S Public key superstructure "it's PKI Jim, but not as we know it!" Proceedings of the 7th symposium on Identity and trust on the Internet, (72-88)
- Halpern J and Weissman V (2008). A formal foundation for XrML, Journal of the ACM, 55:1, (1-42), Online publication date: 1-Feb-2008.
- Sistla A and Zhou M (2008). Analysis of dynamic policies, Information and Computation, 206:2-4, (185-212), Online publication date: 1-Feb-2008.
- Lee K, Kim J, Park J, Kim D and Moon K Routing based authentication for mobile ad hoc network in home environment Proceedings of the 2nd international conference on Ubiquitous information management and communication, (334-338)
- Ganesh A and Gopinath K SPKI/SDSI certificate chain discovery with generic constraints Proceedings of the 1st Bangalore Annual Compute Conference, (1-8)
- Benjumea V, Choi S, Lopez J and Yung M Anonymity 2.0 - X.509 extensions supporting privacy-friendly authentication Proceedings of the 6th international conference on Cryptology and network security, (265-281)
- Dragoni N and Massacci F Security-by-contract for web services Proceedings of the 2007 ACM workshop on Secure web services, (90-98)
- Crampton J, Lim H and Paterson K What can identity-based cryptography offer to web services? Proceedings of the 2007 ACM workshop on Secure web services, (26-36)
- Li J and Karp A Access control for the services oriented architecture Proceedings of the 2007 ACM workshop on Secure web services, (9-17)
- Koponen T, Chawla M, Chun B, Ermolinskiy A, Kim K, Shenker S and Stoica I (2007). A data-oriented (and beyond) network architecture, ACM SIGCOMM Computer Communication Review, 37:4, (181-192), Online publication date: 1-Oct-2007.
- Lui R, Hui L and Yiu S (2007). Delegation with supervision, Information Sciences: an International Journal, 177:19, (4014-4030), Online publication date: 1-Oct-2007.
- De Mello E, Van Moorsel A and Da Silva Fraga J Evaluation of P2P search algorithms for discovering trust paths Proceedings of the 4th European performance engineering conference on Formal methods and stochastic models for performance evaluation, (112-124)
- Courtès L, Killijian M and Powell D Security rationale for a cooperative backup service for mobile devices Proceedings of the Third Latin-American conference on Dependable Computing, (212-230)
- Bauer L, Garriss S and Reiter M Efficient proving for practical distributed access-control systems Proceedings of the 12th European conference on Research in Computer Security, (19-37)
- Koponen T, Chawla M, Chun B, Ermolinskiy A, Kim K, Shenker S and Stoica I A data-oriented (and beyond) network architecture Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, (181-192)
- Miller M, Donnelley J and Karp A Delegating responsibility in digital systems Proceedings of the 2nd USENIX workshop on Hot topics in security, (1-5)
- López G, Cánovas O, Gómez A, Jiménez J and Marín R (2007). A network access control approach based on the AAA architecture and authorization attributes, Journal of Network and Computer Applications, 30:3, (900-919), Online publication date: 1-Aug-2007.
- Hristova K, Tekle K and Liu Y Efficient trust management policy analysis from rules Proceedings of the 9th ACM SIGPLAN international conference on Principles and practice of declarative programming, (211-220)
- Huai J, Sun H, Hu C, Zhu Y, Liu Y and Li J (2007). ROST, Future Generation Computer Systems, 23:6, (825-835), Online publication date: 1-Jul-2007.
- Etalle S and Winsborough W A posteriori compliance control Proceedings of the 12th ACM symposium on Access control models and technologies, (11-20)
- Yang Y, Deng R and Bao F Privacy-preserving credentials upon trusted computing augmented servers Proceedings of the 3rd international conference on Information security practice and experience, (177-192)
- Michalakis N, Soulé R and Grimm R Ensuring content integrity for untrusted peer-to-peer content distribution networks Proceedings of the 4th USENIX conference on Networked systems design & implementation, (11-11)
- Jung E, Elmallah E and Gouda M (2007). Optimal Dispersal of Certificate Chains, IEEE Transactions on Parallel and Distributed Systems, 18:4, (474-484), Online publication date: 1-Apr-2007.
- De Capitani di Vimercati S, Jajodia S, Paraboschi S and Samarati P Trust management services in relational databases Proceedings of the 2nd ACM symposium on Information, computer and communications security, (149-160)
- Claycomb W and Shin D Towards secure resource sharing for impromptu collaboration in pervasive computing Proceedings of the 2007 ACM symposium on Applied computing, (940-946)
- Narendra Kumar N and Shyamasundar R Specification and realization of access control in SPKI/SDSI Proceedings of the Second international conference on Information Systems Security, (177-193)
- De Capitani di Vimercati S and Samarati P Privacy in the electronic society Proceedings of the Second international conference on Information Systems Security, (1-21)
- de R. P. Braga J, Vidal A, Kon F and Finger M Trust in large-scale computational grids Proceedings of the 4th international workshop on Middleware for grid computing
- Ford B, Strauss J, Lesniewski-Laas C, Rhea S, Kaashoek F and Morris R Persistent personal names for globally connected mobile devices Proceedings of the 7th symposium on Operating systems design and implementation, (233-248)
- Suwimonteerabuth D, Schwoon S and Esparza J Efficient algorithms for alternating pushdown systems with an application to the computation of certificate chains Proceedings of the 4th international conference on Automated Technology for Verification and Analysis, (141-153)
- Chadwick D, Otenko S and Nguyen T Adding support to XACML for dynamic delegation of authority in multiple domains Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security, (67-86)
- Agudo I, Lopez J and Montenegro J Attribute delegation based on ontologies and context information Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security, (54-66)
- Li J and Li N (2006). OACerts, IEEE Transactions on Dependable and Secure Computing, 3:4, (340-352), Online publication date: 1-Oct-2006.
- Frikken K, Atallah M and Li J (2006). Attribute-Based Access Control with Hidden Policies and Hidden Credentials, IEEE Transactions on Computers, 55:10, (1259-1270), Online publication date: 1-Oct-2006.
- Ma Y and Tian Y The coarse-grained computing p2p algorithm based on SPKI Proceedings of the Second international conference on Advances in Natural Computation - Volume Part II, (394-401)
- Gorla D, Hennessy M and Sassone V Inferring dynamic credentials for rôle-based trust management Proceedings of the 8th ACM SIGPLAN international conference on Principles and practice of declarative programming, (213-224)
- Eamani A and Sistla A (2006). Language based policy analysis in a SPKI Trust Management System, Journal of Computer Security, 14:4, (327-357), Online publication date: 1-Jul-2006.
- Noda J, Takahashi M, Hosomi I, Mouri H, Takata Y and Seki H Integrating presence inference into trust management for ubiquitous systems Proceedings of the eleventh ACM symposium on Access control models and technologies, (59-68)
- Wohlgemuth S and Müller G Privacy with delegation of rights by identity management Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security, (175-190)
- Pearson S and Mont M Provision of trusted identity management using trust credentials Proceedings of the 4th international conference on Trust Management, (267-282)
- Mari M, Poggi A, Tomaiuolo M and Turci P Enhancing information sharing through agents Proceedings of the 8th international Bi conference on Agent-oriented information systems IV, (202-211)
- Negri A, Poggi A, Tomaiuolo M and Turci P Agents for e-business applications Proceedings of the fifth international joint conference on Autonomous agents and multiagent systems, (907-914)
- Xiao Z, Huang C and Xu F A security auditing approach based on mobile agent in grid environments Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V, (243-250)
- Hwang J and Han J A security model for home networks with authority delegation Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part IV, (360-369)
- Hengartner U and Steenkiste P Securing information gateways with derivation-constrained access control Proceedings of the Third international conference on Security in Pervasive Computing, (181-195)
- Jha S, Schwoon S, Wang H and Reps T Weighted pushdown systems and trust-management systems Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems, (1-26)
- Liu W, Duan H, Wu J and Li X PDTM Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II, (518-525)
- Zhu X, Wang S, Hong F and Liao J Distributed credential chain discovery in trust-management with parameterized roles Proceedings of the 4th international conference on Cryptology and Network Security, (334-348)
- Lee Y, Lee H, Lee S, Park H and Noh B The design and implementation of secure event manager using SPKI/SDSI certificate Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing, (490-498)
- Dehua Z, Zhang Y and Zhou Y Research of security architecture for p2p network based on trust management system Proceedings of the 4th international conference on Grid and Cooperative Computing, (184-189)
- Laganier J and Vicat-Blanc Primet P HIPernet Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, (140-147)
- Chapin P, Skalka C and Wang X Risk assessment in distributed authorization Proceedings of the 2005 ACM workshop on Formal methods in security engineering, (33-42)
- Yin G, Wang H, Liu T, Shi D and Chen M Distributed access control for grid environments using trust management approach Proceedings of the 2005 international conference on Parallel and Distributed Processing and Applications, (485-495)
- Yin G, Wang H, Liu T, Chen M and Shi D Trust management with safe privilege propagation Proceedings of the 6th international conference on Advanced Parallel Processing Technologies, (174-183)
- Navarro G, Ortega-Ruiz J, Ametller J and Robles S Distributed authorization framework for mobile agents Proceedings of the Second international conference on Mobility Aware Technologies and Applications, (127-136)
- Yin G, Wang H, Shi D and Gu H Towards more controllable and practical delegation Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security, (245-258)
- Bauer L, Garriss S, McCune J, Reiter M, Rouse J and Rutenbar P Device-enabled authorization in the grey system Proceedings of the 8th international conference on Information Security, (431-445)
- Hommel W Using XACML for privacy control in SAML-based identity federations Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security, (160-169)
- Pesonen L and Bacon J Secure event types in content-based, multi-domain publish/subscribe systems Proceedings of the 5th international workshop on Software engineering and middleware, (98-105)
- Navarro G, Borrell J, Ortega-Ruiz J and Robles S Access control with safe role assignment for mobile agents Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems, (1235-1236)
- Zhou H and Foley S A logic for analysing subterfuge in delegation chains Proceedings of the Third international conference on Formal Aspects in Security and Trust, (127-141)
- Li J and Li N Policy-hiding access control in open environment Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing, (29-38)
- Tschofenig H, Gurtov A, Ylitalo J, Nagarajan A and Shanmugam M Traversing middleboxes with the host identity protocol Proceedings of the 10th Australasian conference on Information Security and Privacy, (17-28)
- Marchesini J and Smith S Modeling public key infrastructures in the real world Proceedings of the Second European conference on Public Key Infrastructure, (118-134)
- Straub T, Ginkel T and Buchmann J A multipurpose delegation proxy for WWW credentials Proceedings of the Second European conference on Public Key Infrastructure, (1-21)
- Li J and Li N OACerts Proceedings of the Third international conference on Applied Cryptography and Network Security, (301-317)
- Etalle S and Winsborough W Integrity constraints in trust management Proceedings of the tenth ACM symposium on Access control models and technologies, (1-10)
- Almenárez F, Marín A, Campo C and García R. C TrustAC Proceedings of the Second international conference on Security in Pervasive Computing, (225-238)
- Poggi A, Tomaiuolo M and Vitaglione G A security infrastructure for trust management in multi-agent systems Trusting Agents for Trusting Electronic Societies, (162-179)
- Yin G, Teng M, Wang H, Jia Y and Shi D An authorization framework based on constrained delegation Proceedings of the Second international conference on Parallel and Distributed Processing and Applications, (845-857)
- Chen Z, Liu W, Tu S and Du W A cooperative web framework of jini into OSGi-based open home gateway Proceedings of the First international conference on Embedded Software and Systems, (570-575)
- Yin G, Wang H, Shi D, Jia Y and Teng M A rule-based framework for role-based constrained delegation Proceedings of the 3rd international conference on Information security, (186-191)
- Quillinan T and Foley S Security in WebCom Proceedings of the 2004 workshop on Secure web service, (97-105)
- Skalka C and Wang X Trust but verify Proceedings of the 2004 workshop on Secure web service, (47-55)
- Dinda P Addressing the trust asymmetry problem in grid computing with encrypted computation Proceedings of the 7th workshop on Workshop on languages, compilers, and run-time support for scalable systems, (1-7)
- Koshutanski H and Massacci F E pluribus unum Proceedings of the First international IFIP conference on Autonomic Communication, (179-190)
- Aggarwal G, Bawa M, Ganesan P, Garcia-Molina H, Kenthapadi K, Mishra N, Motwani R, Srivastava U, Thomas D, Widom J and Xu Y Vision paper Proceedings of the Thirtieth international conference on Very large data bases - Volume 30, (708-719)
- Biskup J and Wortmann S Towards a credential-based implementation of compound access control policies Proceedings of the ninth ACM symposium on Access control models and technologies, (31-40)
- Hengartner U and Steenkiste P Implementing access control to people location information Proceedings of the ninth ACM symposium on Access control models and technologies, (11-20)
- Lampson B (2004). Computer Security in the Real World, Computer, 37:6, (37-46), Online publication date: 1-Jun-2004.
- Gollmann D Identity and location Proceedings of the 12th international conference on Security Protocols, (246-250)
- Bussard L and Molva R Establishing trust with privacy Proceedings of the 12th international conference on Security Protocols, (199-209)
- Massacci F and Zannone N Privacy is linking permission to purpose Proceedings of the 12th international conference on Security Protocols, (179-191)
- Au R, Vasanta H, Choo K and Looi M A user-centric anonymous authorisation framework in e-commerce environment Proceedings of the 6th international conference on Electronic commerce, (138-147)
- Walter T, Bussard L, Robinson P and Roudier Y Security and Trust Issues in Ubiquitous Environments -- The Business-to-Employee Dimension Proceedings of the 2004 Symposium on Applications and the Internet-Workshops (SAINT 2004 Workshops)
- Liu V, Caelli W, Foo E and Russell S Visually sealed and digitally signed documents Proceedings of the 27th Australasian conference on Computer science - Volume 26, (287-294)
- Kaminsky M, Savvides G, Mazieres D and Kaashoek M (2003). Decentralized user authentication in a global file system, ACM SIGOPS Operating Systems Review, 37:5, (60-73), Online publication date: 1-Dec-2003.
- Skogsrud H, Benatallah B and Casati F (2003). Model-Driven Trust Negotiation for Web Services, IEEE Internet Computing, 7:6, (45-52), Online publication date: 1-Nov-2003.
- Kaminsky M, Savvides G, Mazieres D and Kaashoek M Decentralized user authentication in a global file system Proceedings of the nineteenth ACM symposium on Operating systems principles, (60-73)
- Gates C and Slonim J Owner-controlled information Proceedings of the 2003 workshop on New security paradigms, (103-111)
- Perrin T Public key distribution through "cryptoIDs" Proceedings of the 2003 workshop on New security paradigms, (87-102)
- Harrington A and Jensen C Cryptographic access control in a distributed file system Proceedings of the eighth ACM symposium on Access control models and technologies, (158-165)
- Goodrich M, Shin M, Tamassia R and Winsborough W Authenticated dictionaries for fresh attribute credentials Proceedings of the 1st international conference on Trust management, (332-347)
- Yao W Fidelis Proceedings of the 1st international conference on Trust management, (301-317)
- Hengartner U and Steenkiste P Access control to information in pervasive computing environments Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9, (27-27)
- Li N, Winsborough W and Mitchell J Beyond Proof-of-Compliance Proceedings of the 2003 IEEE Symposium on Security and Privacy
- Dam M Regular SPKI Proceedings of the 11th international conference on Security Protocols, (134-150)
- Long B Formalising key distribution in the presence of trust using object-Z Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21, (59-66)
- Buttyán L and Hubaux J (2003). Report on a working session on security in wireless ad hoc networks, ACM SIGMOBILE Mobile Computing and Communications Review, 7:1, (74-94), Online publication date: 1-Jan-2003.
- Winsborough W and Li N Protecting sensitive attributes in automated trust negotiation Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, (41-51)
- Camenisch J and Van Herreweghen E Design and implementation of the idemix anonymous credential system Proceedings of the 9th ACM conference on Computer and communications security, (21-30)
- Winslett M, Yu T, Seamons K, Hess A, Jacobson J, Jarvis R, Smith B and Yu L (2002). Negotiating Trust on the Web, IEEE Internet Computing, 6:6, (30-37), Online publication date: 1-Nov-2002.
- Jha S and Reps T Analysis of SPKI/SDSI Certificates Using Model Checking Proceedings of the 15th IEEE workshop on Computer Security Foundations
- Abadi M Private authentication Proceedings of the 2nd international conference on Privacy enhancing technologies, (27-40)
- Geer D and Yung M Split-and-delegate Proceedings of the 6th international conference on Financial cryptography, (220-237)
- Tan H and Moreau L Certificates for mobile code security Proceedings of the 2002 ACM symposium on Applied computing, (76-81)
- Li N, Winsborough W and Mitchell J Distributed credential chain discovery in trust management Proceedings of the 8th ACM conference on Computer and Communications Security, (156-165)
- Kornievskaia O, Honeyman P, Doster B and Coffman K Kerberized credential translation Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
- Regan J and Jensen C Capability file names Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
- Kaliski B (2001). An unknown key-share attack on the MQV key agreement protocol, ACM Transactions on Information and System Security, 4:3, (275-288), Online publication date: 1-Aug-2001.
- Halpern J and Meyden R A Logical Reconstruction of SPKI Proceedings of the 14th IEEE workshop on Computer Security Foundations
- Hu Y Some thoughts on agent trust and delegation Proceedings of the fifth international conference on Autonomous agents, (489-496)
- Zhang L, Ahn G and Chu B A rule-based framework for role based delegation Proceedings of the sixth ACM symposium on Access control models and technologies, (153-162)
- Kubiatowicz J, Bindel D, Chen Y, Czerwinski S, Eaton P, Geels D, Gummadi R, Rhea S, Weatherspoon H, Weimer W, Wells C and Zhao B (2000). OceanStore, ACM SIGOPS Operating Systems Review, 34:5, (190-201), Online publication date: 1-Dec-2000.
- Kubiatowicz J, Bindel D, Chen Y, Czerwinski S, Eaton P, Geels D, Gummadi R, Rhea S, Weatherspoon H, Weimer W, Wells C and Zhao B (2000). OceanStore, ACM SIGARCH Computer Architecture News, 28:5, (190-201), Online publication date: 1-Dec-2000.
- Kubiatowicz J, Bindel D, Chen Y, Czerwinski S, Eaton P, Geels D, Gummadi R, Rhea S, Weatherspoon H, Weimer W, Wells C and Zhao B OceanStore Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, (190-201)
- Kubiatowicz J, Bindel D, Chen Y, Czerwinski S, Eaton P, Geels D, Gummadi R, Rhea S, Weatherspoon H, Weimer W, Wells C and Zhao B (2000). OceanStore, ACM SIGPLAN Notices, 35:11, (190-201), Online publication date: 1-Nov-2000.
- Howell J and Kotz D End-to-end authorization Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
- Grimm R, Anderson T, Bershad B and Wetherall D A system architecture for pervasive computing Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system, (177-182)
- Gunter C and Jim T Generalized certificate revocation Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, (316-329)
- Fujimura K, Kuno H, Terada M, Matsuyama K, Mizuno Y and Sekine J Digital-ticket-controlled digital ticket circulation Proceedings of the 8th conference on USENIX Security Symposium - Volume 8, (18-18)
- KlobučAr T and Jerman-Blaič B (1999). A formalisation and evaluation of certificate policies, Computer Communications, 22:12, (1104-1110), Online publication date: 1-Jul-1999.
Recommendations
Certificate chain discovery in SPKI?SDSI
SPKI/SDSI is a novel public-key infrastructure emphasizing naming, groups, ease-of-use, and flexible authorization. To access a protected resource, a client must present to the server a proof that the client is authorized; this proof takes the form of a ...
SPKI/SDSI certificate chain discovery with generic constraints
COMPUTE '08: Proceedings of the 1st Bangalore Annual Compute ConferenceThe SPKI/SDSI is a security infrastructure whose principal goal is to facilitate the building of secure, scalable, distributed computing systems. Given a set of SPKI/SDSI certificates, the decision on granting access to a resource by a user is taken by ...
An access control using SPKI certificate in peer-to-peer environment
ICCSA'07: Proceedings of the 2007 international conference on Computational science and Its applications - Volume Part IIWeb service is giving an equal privilege to all user for sharing their resources. Under this situation, lots of vulnerabilities against the various attacks through the Internet are possible, more sophisticated security services are necessary. In this ...