Abstract:
We analyze the notion of ``local names'' in SPKI/SDSI. By interpreting local names as distributed groups, we develop a simple logic program for SPKI/SDSI's linked local-name scheme and prove that it is equivalent to the name-resolution procedure in SDSI~1.1 and the 4-tuple-reduction mechanism in SPKI/SDSI 2.0. This logic program is itself a logic for understanding SDSI's linked local-name scheme and has several advantages over previous logics, e.g., those of Abadi and Halpern and van der Meyden.
We then enhance our logic program to handle authorization certificates, threshold subjects, and certificate discovery. This enhanced program serves both as a logical characterization and an implementation of SPKI/SDSI 2.0's certificate reduction and discovery.
We discuss the way SPKI/SDSI uses threshold subjects and names for the purpose of authorization and show that, when used in a certain restricted way, local names can be interpreted as distributed roles.
Reference:
In Proceedings of the 13th IEEE Computer Security Foundations
Workshop, pages 2--15. IEEE Computer Society Press, July 2000.
Paper: PDF.
Erratum: In this paper, the claim that the logic in Halpern and van der Meyden is nonmonotonic is erroneous.
BibTex Data:
@InProceedings{Li00,
author = "Ninghui Li",
title = "Local Names in {SPKI/SDSI}",
booktitle = "Proceedings of the 13th IEEE Computer Security Foundations Workshop",
month = jul,
year = "2000",
publisher = "IEEE Computer Society Press",
pages = "2--15",
}