SDSI -- A Simple Distributed Security Infrastructure


Butler Lampson and Ron Rivest
Affiliation: Microsoft and MIT
Abstract: We propose a new, distributed security infrastructure called SDSI (pronounced "sudsy"). SDSI combines a simple public-key infrastructure design with a means of defining groups and issuing group membership certificates. SDSI's groups provide simple, clear terminology for defining access-control lists and security policies. SDSI's design emphasizes linked local name spaces rather than a hierarchical global name space, though it gracefully accommodates common roots such as DNS.

A key can delegate to a group the authority to sign certificates on behalf of the key. The delegation can be limited to certificates that match a template. Certificates can time out, and they can be reconfirmed by an on-line agent acting for the issuer.

SDSI is optimized for an on-line environment in which clients can interact with servers to learn what credentials are needed to satisfy a request, and can retrieve the needed credentials from other servers. In this environment the system is auto-configuring: there is no need to preload either clients or servers with anything other than their private keys and the definitions of their local name spaces.

For more information, see http://theory.lcs.mit.edu/~rivest/sdsi.ps
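
The linked local name spaces and groups described in the abstract can be sketched as follows. This is an added example, not code from the SDSI authors: the key names, the dictionary layout and the functions `walk`, `close_names` and `is_member` are assumptions of the sketch, and bindings are unsigned here, whereas SDSI bindings are certificates whose signature and validity would be checked first.

```python
# Added example: simplified model of SDSI-style linked local names and groups.
# Assumptions: keys are plain strings, bindings are unsigned (real bindings
# would be certificates whose signature and expiry are checked first).
# A binding value is either a key or a linked name (key, name1, name2, ...).

NAMESPACES = {  # constructed sample data: owner key -> local name -> values
    "K_alice": {
        "bob": {"K_bob"},
        # group: bob himself, plus everyone in "bob's colleagues"
        "friends": {("K_alice", "bob"), ("K_alice", "bob", "colleagues")},
    },
    "K_bob": {
        "carol": {"K_carol"},
        "colleagues": {("K_bob", "carol"), ("K_carol", "team")},
    },
    "K_carol": {
        # refers back to bob's group, so the definitions are cyclic
        "team": {"K_dave", ("K_bob", "colleagues")},
    },
}

def walk(table, start_key, names):
    """Follow start_key's name1's name2 ... and return the keys reached."""
    keys = {start_key}
    for name in names:
        keys = set().union(*(table.get((k, name), set()) for k in keys))
    return keys

def close_names(namespaces):
    """Least fixed point of all bindings: (owner, name) -> set of keys."""
    table = {(o, n): set() for o, ns in namespaces.items() for n in ns}
    changed = True
    while changed:  # terminates: sets only grow and the key universe is finite
        changed = False
        for owner, ns in namespaces.items():
            for name, values in ns.items():
                for v in values:
                    found = {v} if isinstance(v, str) else walk(table, v[0], v[1:])
                    if not found <= table[(owner, name)]:
                        table[(owner, name)] |= found
                        changed = True
    return table

def is_member(namespaces, acl_owner, group, requester_key):
    """ACL check: is requester_key in acl_owner's local group?"""
    return requester_key in walk(close_names(namespaces), acl_owner, (group,))

if __name__ == "__main__":
    print(sorted(walk(close_names(NAMESPACES), "K_alice", ("friends",))))
    print(is_member(NAMESPACES, "K_alice", "friends", "K_eve"))
```

The same name, such as "team", can mean different things under different keys, and a name that no key has bound resolves to the empty set, so an ACL check against it denies by default.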