MINDS @ UW-Madison

Reducing the Dependence of Trust-Management Systems on PKI

Show full item record


Wang, Hao; Jha, Somesh; Reps, Thomas; Schwoon, Stefan; Stubblebine, Stuart
University of Wisconsin-Madison Department of Computer Sciences
Trust-management systems address the authorization problem in distributed systems by defining a formal language for expressing authorization and access-control policies, and relying on an algorithm to determine when a specific request can be granted. For authorization in distributed systems, trust-management systems offer several advantages over other approaches, such as support for delegation and making authorization decisions in a decentralized manner. This paper focuses on a popular trust-management system SPKI/SDSI. Although SPKI/SDSI is an attractive system for authorization in distributed systems, it has seen limited deployment. One of the major hurdles in deploying SPKI/SDSI is that it is PKI-based, i.e., every principal is required to have a public-private key pair. We present an approach that combines SPKI/SDSI with a widely-deployed authentication system, Kerberos, to reduce reliance of SPKI/SDSI on PKI. In our approach, only sites need public-private key pairs. We believe that reducing the reliance of SPKI/SDSI on PKI will facilitate its wider deployment. We also have implemented a prototype of our technique.
Permanent link
Export to RefWorks 

Part of

Show full item record

Search and browse


Deposit materials

  1. Register to deposit in MINDS@UW
  2. Need deposit privileges? Contact us.
  3. Already registered? Have deposit privileges? Deposit materials.