S. Nazareth, S.W. Smith.
"Using
SPKI/SDSI for Distributed Maintenance of Attribute Release Policies in Shibboleth."
Proceedings of the IADIS International Conference WWW/Internet 2004.
Volume 1. 218--226.
October 2004.
To be effective, a solution needs to accommodate the typical nature of a university: a set of decentralized fiefdoms. This need argues for a public-key infrastructure (PKI) approach---since public-key cryptography does not require parties to agree on a secret beforehand, and parties distributed throughout the institution are unlikely to agree on anything. However, this need also argues against the strict hierarchical structure of traditional PKI---policy in different fiefdoms will be decided differently, and originate within the fiefdom, rather than from an overall root.
This paper presents our design and prototype of a system that uses the decentralized public-key framework of Simple Public Key Infrastructure/Simple Distributed Security Infrastructure (SPKI/SDSI) to solve this problem.
![]() |
Back to home page | Maintained by Sean Smith, sws@cs.dartmouth.edu |