Gesellschaft für Informatik e.V.

Lecture Notes in Informatics


Informatik bewegt: Informatik 2002 - 32. Jahrestagung der Gesellschaft für Informatik e.v. (GI), 30. September - 3.Oktober 2002 in Dortmund. P-19, 449-454 (2002).

GI, Gesellschaft für Informatik, Bonn
2002


Editors

Sigrid E. Schubert (ed.), Bernd Reusch (ed.), Norbert Jesse (ed.)


Copyright © GI, Gesellschaft für Informatik, Bonn

Contents

SPKI performance and certificate chain reduction

Yki Kortesniemi

Abstract


Authorisation certificate based access control owes much of its expressive power to delegation; delegation enables distributed access control management, where the authorisation decisions are manifested as certificate chains. Unfortunately, these chains have to be evaluated every time a right is used, and if the right is used repeatedly, this can result in significant performance overhead. However, if the chains are replaced with reduction certificates, this overhead can be cut down. In this paper we discuss performance in SPKI and how it can be improved with certificate chain reduction. We elaborate on certificate chains, reduction certificates, and their performance implications, the choice of issuers of reduction, and take a look at the problems of reducing chains with online validity checks.


Full Text: PDF

GI, Gesellschaft für Informatik, Bonn
ISBN 3-88579-348-2


Last changed 04.10.2013 17:55:32