HOME

TheInfoList



Click Here for Items Related To - SPKI
OR:
SPKI on:   [Wikipedia]   [Google]   [Amazon]

Simple public key infrastructure (SPKI, pronounced ''spoo-key'') was an attempt to overcome the complexity of traditional X.509
public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facil ...
. It was specified in two
Internet Engineering Task Force The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and ...
(IETF)
Request for Comments A Request for Comments (RFC) is a publication in a series from the principal technical development and standards-setting bodies for the Internet, most prominently the Internet Engineering Task Force (IETF). An RFC is authored by individuals or ...
(RFC) specifications— and —from the IET
SPKI working group
These two RFCs never passed the "experimental" maturity level of the IETF's RFC status. The SPKI specification defined an authorization certificate format, providing for the delineation of privileges, rights or other such attributes (called authorizations) and binding them to a public key. In 1996, SPKI was merged with Simple Distributed Security Infrastructure (SDSI, pronounced ''sudsy'') by Ron Rivest and Butler Lampson.


History and overview

The original SPKI had identified principals only as
public key Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic a ...
s but allowed binding authorizations to those keys and delegation of authorization from one key to another. The encoding used was attribute:value pairing, similar to headers. The original SDSI bound local names (of individuals or groups) to public keys (or other names), but carried authorization only in
Access Control List In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on giv ...
s (ACLs) and did not allow for delegation of subsets of a principal's authorization. The encoding used was standard S-expression. Sample RSA public key in SPKI in "advanced transport format" (for actual transport the structure would be