Computing Minimum-Height Certificate Trees in SPKI/SDSI
SPKI/SDSI is a framework that combines a simple public-key infrastructure and a simple distributed security infrastructure with a means of defining local name spaces. It allows principals, which can be a person or an organization, to locally create groups of principals and delegate rights to other principals or groups of principals by issuing certificates. To prove authorizations, principals need to search for necessary certificates that are, in general, in the form of certificate trees. This paper defines a framework based on SPKI/SDSI which allows principals to give weights to certificates. Weights can be used to address many authorization issues such as access control of limited resources. The paper shows a connection between SPKI/SDSI and the theory of pushdown systems, and presents an algorithm that solves the authorization problem by computing minimum-height certificate trees.
Full Text: PDF