|
|
| (One intermediate revision by one other user not shown) |
| Line 1: |
Line 1: |
| '''Simple public key infrastructure''' ('''SPKI''', pronounced ''spoo-key'') was born out of a joint effort to overcome the overcomplication and scalability problems of traditional [[X.509]] [[public key infrastructure]]. It is specified in two Internet Engineering Task Force ([[IETF]]) [[Request For Comments]] (RFC) specifications—RFC 2692 and RFC 2693—from the IETF [http://www.ietf.org/html.charters/spki-charter.html SPKI working group]. These two RFCs are at the EXPERIMENTAL maturity level of the IETF's [[Request for Comments#Status|RFC status]]. The SPKI specification defines an authorization certificate format, providing for the delineation of privileges, rights or other such attributes (called '''authorizations''') and binding them to a public key. In 1996, SPKI was merged with '''Simple Distributed Security Infrastructure''' ('''SDSI''', pronounced ''sudsy'') by [[Ron Rivest]] and [[Butler Lampson]].
| |
|
| |
|
| ==History and Overview==
| |
| The original SPKI had identified principals only as [[public key]]s but allowed binding authorizations to those keys and delegation of authorization from one key to another. The encoding used was attribute:value pairing, similar to RFC 822 headers.
| |
|
| |
|
| The original SDSI bound local names (of individuals or groups) to public keys (or other names), but carried authorization only in [[Access Control List]]s (ACLs) and did not allow for delegation of subsets of a principal's authorization. The encoding used was standard [[S-expression]].
| | Roberto is the name [https://www.Gov.uk/search?q=I+personally I personally] love to be with although it has always been not the name on my birth certificate. My [http://Search.about.com/?q=colleagues colleagues] say it's not fine for me but the thing that I love doing should be to drive but Seriously been taking on innovative new things lately. South Carolina is where my home is. I used regarding be unemployed but now I am a cashier but the promotion absolutely not comes. I've been working on my husband and my website for some enough time now. Check it outdoors here: http://prometeu.net<br><br>my webpage - [http://prometeu.net hack clash of clans android] |
| | |
| The combined SPKI/SDSI allows the naming of principals, creation of named groups of principals and the delegation of rights or other attributes from one principal to another. It includes a language for expression of authorization - a language that includes a definition of "intersection" of authorizations. It also includes the notion of '''threshold subject''' - a construct granting authorizations (or delegations) only when <math>K</math> of <math>N</math> of the listed subjects concur (in a request for access or a delegation of rights). SPKI/SDSI uses S-expression encoding, but specifies a binary form that is extremely easy to parse - an LR(0) grammar - called [[Canonical S-expressions]].
| |
| | |
| SPKI/SDSI does not define a role for a commercial [[Certificate Authority]] (CA). In fact, one premise behind SPKI is that a commercial CA serves no useful purpose.<ref>{{Cite conference
| |
| | first = Carl
| |
| | last = Ellison
| |
| | title = Establishing Identity Without Certification Authorities
| |
| | url = http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.31.7263
| |
| | booktitle = 6th USENIX Security Symposium
| |
| | year = 1996
| |
| }}</ref>
| |
| As a result of that, SPKI/SDSI is deployed primarily in closed solutions and in demonstration projects of academic interest. Another side-effect of this design element is that it is difficult to monetize SPKI/SDSI by itself. It can be a component of some other product, but there is no business case for developing SPKI/SDSI tools and services except as part of some other product.
| |
| | |
| The most prominent general deployments of SPKI/SDSI are [[E-speak]], a middleware product from [[Hewlett-Packard|HP]] that used SPKI/SDSI for access control of web methods, and [[UPnP]] Security, that uses an XML dialect of SPKI/SDSI for access control of web methods, delegation of rights among network participants, etc.
| |
| | |
| ==Notes==
| |
| <references />
| |
| [[SPKAC]]
| |
| ==External links==
| |
| | |
| {{Portal|Cryptography}}
| |
| * [http://world.std.com/~cme/html/spki.html SPKI homepage],
| |
| * [http://jsdsi.sf.net JSDSI (open source development effort)]
| |
| * [http://sourceforge.net/projects/cdsa CDSA (open source development effort)].
| |
| * [http://www.syntelos.com/spki SDSI SPKI documentation and references]
| |
| | |
| {{DEFAULTSORT:Simple Public Key Infrastructure}}
| |
| <!-- Categories -->
| |
| [[Category:Key management]]
| |
Roberto is the name I personally love to be with although it has always been not the name on my birth certificate. My colleagues say it's not fine for me but the thing that I love doing should be to drive but Seriously been taking on innovative new things lately. South Carolina is where my home is. I used regarding be unemployed but now I am a cashier but the promotion absolutely not comes. I've been working on my husband and my website for some enough time now. Check it outdoors here: http://prometeu.net
my webpage - hack clash of clans android