Abstract
SPKI is a certificate-based framework for authorisation in distributed systems. The SPKI framework is extended by an iteration construct, essentially Kleene star, to express constraints on delegation chains. Other possible applications, not explored in the paper, include multidomain network routing path constraints. The main decision problems for the extended language are shown to correspond to regular language membership and containment respectively. To support an efficient decision algorithm in both cases we give a sound and complete inference system for a fragment of the language which is decidable in polynomial time. We finally show how to use the extended syntax to represent constrained delegation in SPKI.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bandmann, O., Dam, M.: A note on SPKI’s authorisation syntax. In: Proc. 1st Annual PKI Research Workshop (2002)
Bandmann, O., Dam, M., Sadighi Firozabadi, B.: Constrained delegation. In: Proc. 23rd Annual Symp. on Security and Privacy (2002)
Clarke, D., Elien, J.-E., Ellison, C., Fredette, M., Morcos, A., Rivest, R.L.: Certificate chain discovery in spki/sdsi. Journal of Computer Security 9, 285–322 (2001)
Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory. RFC 2693, expired (1999), ftp://ftp.isi.edu/in-notes/rfc2693.txt
Jha, S., Reps, T.: Analysis of SPKI/SDSI certificates using model checking. In: Proc. IEEE Computer Security Foundations Workshop, pp. 129–146 (2002)
Kozen, D.: Results on the propositional mu-calculus. Theoretical Computer Science 27, 333–354 (1983)
Rivest, R.: S-expressions, Internet Draft, expired (May 1997), http://theory.lcs.mit.edu/~rivest/sexp.txt
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dam, M. (2005). Regular SPKI. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_18
Download citation
DOI: https://doi.org/10.1007/11542322_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28389-8
Online ISBN: 978-3-540-31836-1
eBook Packages: Computer ScienceComputer Science (R0)