Reducing the Dependence of SPKI/SDSI on PKI
WISCONSIN UNIV-MADISON DEPT OF COMPUTER SCIENCES
Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. Nonetheless, trust-management systems such as KeyNote and SPKI/SDSI have seen limited deployment in the real world. One reason for this is that both systems require a public-key infrastructure (PKI) for authentication, and PKI has proven difficult to deploy, because each user is required to manage his/her own private/public key pair. The key insight of our work is that issuance of certificates in trust-management systems, a task that usually requires public-key cryptography, can be achieved using secret-key cryptography as well. We demonstrate this concept by showing how SPKI/SDSI can be modified to use Kerberos, a secret-key based authentication system, to issue SPKI/SDSI certificates. The resulting trust-management system retains all the capabilities of SPKI/SDSI, but is much easier to use because a public key is only required for each SPKI/SDSI server, but no longer for every user. Moreover, because Kerberos is already well established, our approach makes SPKI/SDSI-based trust-management systems easier to deploy in the real world.
- Computer Systems Management and Standards
- Computer Programming and Software