Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Informatik bewegt: Informatik 2002 - 32. Jahrestagung der Gesellschaft für Informatik e.v. (GI), 30. September - 3.Oktober 2002 in Dortmund. P-19, 449-454 (2002).

GI, Gesellschaft für Informatik, Bonn


Sigrid E. Schubert (ed.), Bernd Reusch (ed.), Norbert Jesse (ed.)

Copyright © GI, Gesellschaft für Informatik, Bonn


SPKI performance and certificate chain reduction

Yki Kortesniemi


Authorisation certificate based access control owes much of its expressive power to delegation; delegation enables distributed access control management, where the authorisation decisions are manifested as certificate chains. Unfortunately, these chains have to be evaluated every time a right is used, and if the right is used repeatedly, this can result in significant performance overhead. However, if the chains are replaced with reduction certificates, this overhead can be cut down. In this paper we discuss performance in SPKI and how it can be improved with certificate chain reduction. We elaborate on certificate chains, reduction certificates, and their performance implications, the choice of issuers of reduction, and take a look at the problems of reducing chains with online validity checks.

Full Text: PDF

GI, Gesellschaft für Informatik, Bonn
ISBN 3-88579-348-2

Last changed 04.10.2013 17:55:32