Last modified: 10/19/04 11:04:32 AM
N. Goffee, S. Kim, S.W. Smith, P. Taylor, M. Zhao, J. Marchesini.
"Greenpass: Decentralized, PKI-based Authorization for Wireless LANs."
3rd Annual PKI Research and Development Workshop Proceedings.
Internet2/NIST/NIH. NISTIR 7122. 26--41, 2004.
In Dartmouth's "Greenpass" project, we're building an experimental
system to explore two levels of authorization issues in the emerging
information infrastructure. On a practical level, we want to enable
only authorized users to access an internal wireless network while
also permitting appropriate users to delegate internal access to
external guests, and doing this all with standard client software. On
a deeper level, PKI needs to be part of this emerging information
infrastructure since sharing secrets is not workable. However, the
traditional approach to PKI---with a centralized hierarchy based on
global names and heavy-weight X.509 certificates---has often proved
cumbersome. On this level, we want to explore alternative PKI
structures that might overcome these barriers.
By using SPKI/SDSI delegation on top of X.509 certificates within
EAP-TLS authentication, we provide a flexible, decentralized solution
to guest access that reflects real-world authorization flow, without
requiring guests to download nonstandard client software. Within the
"living laboratory" of Dartmouth's wireless network, this project lets
us solve a real problem with wireless networking, while also
experimenting with trust flows and testing the limits of current