Network Working Group                                         C. Ellison
Request for Comments: 2693                                         Intel
Category: Experimental                                         B. Frantz
                                                    Electric Communities
                                                              B. Lampson
                                                               Microsoft
                                                               R. Rivest
                                     MIT Laboratory for Computer Science
                                                               B. Thomas
                                                       Southwestern Bell
                                                               T. Ylonen
                                                                     SSH
                                                          September 1999


                        SPKI Certificate Theory

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   The SPKI Working Group has developed a standard form for digital
   certificates whose main purpose is authorization rather than
   authentication.  These structures bind either names or explicit
   authorizations to keys or other objects.  The binding to a key can be
   directly to an explicit key, or indirectly through the hash of the
   key or a name for it.  The name and authorization structures can be
   used separately or together.  We use S-expressions as the standard
   format for these certificates and define a canonical form for those
   S-expressions.  As part of this development, a mechanism for deriving
   authorization decisions from a mixture of certificate types was
   developed and is presented in this document.

   This document gives the theory behind SPKI certificates and ACLs
   without going into technical detail about those structures or their
   uses.






Ellison, et al.               Experimental