KeyNote-Version: 1
Authorizer: rsa-pkcs1-hex:"1234abcd"
Licensee: dsa-hex:"9876dcba"
          rsa-pkcs1-hex:"6789defg"
Comment: Authorizer delegates read access to either of the licensees
Condition: ($file == "/etc/passwd" && $access == "read") -> { return "OK" }
Signature: rsa-md5-pkcs1-hex:"f00f5673"
Fig. 2. An example KeyNote assertion.
example also illustrates the fact that KeyNote takes responsibility for
verifying cryptographic signatures, and thus reduces the workload of the
calling applications and better enforces the security policy. Compared to
PolicyMaker, KeyNote aims to be a relatively complete software solution for
authorization.
KeyNote assertions bind public keys to authorizations for specific
security-critical resources. As in capability-based systems, KeyNote's
authorization decision procedure is quite straightforward, and does not
require resolving the name or identity of the requester. Security-critical
actions are given by a set of (name, value) bindings called an action
environment, which is specified by the calling application. Assertions
contain a condition field that expresses constraints on these bindings that
must be satisfied for the assertion to participate in a proof of compliance
with the authorization policy governing the action. For example, in the
assertion shown in Figure 2, $access is a name and the constraint on the
value assigned to this name is that it must be equal to "read". So if the
application binds "action" to "read" whenever the requested operation is a
read, then this credential can be used only to grant read access.
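The check described above, as an added sketch that is not KeyNote's own code: it evaluates the Figure 2 condition against an action environment and matches the requester by key alone, with no name lookup. The dictionary layout and the function names `tokenize`, `holds` and `compliance` are hypothetical, only string equality combined with `&&` and `||` is handled, and signature verification and delegation chains are left out.

```python
import re
# Figure 2's fields as a dict (constructed; signature checking is out of scope).
ASSERTION = {
    "licensees": {'dsa-hex:"9876dcba"', 'rsa-pkcs1-hex:"6789defg"'},
    "condition": '($file == "/etc/passwd" && $access == "read")',
    "value": "OK",
}
TOKEN = r'\$\w+|"[^"]*"|==|&&|\|\||[()]'

def tokenize(text):
    if not re.fullmatch(rf'(?:\s*(?:{TOKEN}))*\s*', text):
        raise ValueError("unparsable condition")
    return re.findall(TOKEN, text)

def holds(condition, env):
    """Evaluate expr := term ('||' term)*, term := atom ('&&' atom)*."""
    toks = tokenize(condition)
    def expr():
        val = term()
        while toks[:1] == ["||"]:
            toks.pop(0)
            val = term() or val
        return val
    def term():
        val = atom()
        while toks[:1] == ["&&"]:
            toks.pop(0)
            val = atom() and val
        return val
    def atom():
        tok = toks.pop(0)
        if tok == "(":
            val = expr()
            if not toks or toks.pop(0) != ")":
                raise ValueError("missing ')'")
            return val
        op, lit = toks.pop(0), toks.pop(0)
        if tok[0] != "$" or op != "==" or lit[0] != '"':
            raise ValueError('expected $name == "literal"')
        # RFC 2704: a name the application did not bind reads as the empty string.
        return env.get(tok[1:], "") == lit[1:-1]
    result = expr()
    if toks:
        raise ValueError("trailing tokens")
    return result

def compliance(requester_key, env, assertion=ASSERTION):
    """Return the assertion's value if this key and action satisfy it, else None."""
    ok = requester_key in assertion["licensees"] and holds(assertion["condition"], env)
    return assertion["value"] if ok else None
```

Because an unbound name reads as the empty string, an application that binds the operation under a different name than the condition tests gets no authorization from this assertion rather than an accidental grant.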
3.2 SPKI/SDSI
SPKI/SDSI [18] merged the SDSI [54] and the SPKI [22] efforts together to
achieve an expressive and powerful trust management system. SDSI (pronounced
"sudsy"), short for "Simple Distributed Security Infrastructure," was
proposed as a new public-key infrastructure by Rivest and Lampson.
Concurrently, Carl Ellison et al. developed "Simple Public Key
Infrastructure," or SPKI (officially pronounced "s-p-k-i" [18], but
sometimes informally called "spooky").
SDSI's greatest contribution is its design of local and extended names,
which are bound to keys through the use of SDSI name certificates (see below),
and which solve the problem of globally unambiguous naming. The owner of
each public key can define names local to a name space that is associated with
and identified by that key. For example, "K_Alice bob" is an example of a
local name in which "bob" is an identifier and K_Alice is a globally unique
key that we assume here belongs to a specific principal, Alice, who has sole
authority to define bindings for the local name. Alice can define
"K_Alice bob" to refer to a particular key "K_Bob" by issuing a tuple of the
form (K_Alice, bob, K_Bob, 1). This in effect says that the principal that
Alice refers to as bob has the