RFC 2704 (rfc2704) - Page 3 of 37


The KeyNote Trust-Management System Version 2



Alternative Format: Original Text Document



RFC 2704          The KeyNote Trust-Management System     September 1999


   assertion, which can be sent over an untrusted network, is also
   called a `credential assertion'.  Credential assertions, which also
   serve the role of certificates, have the same syntax as policy
   assertions but are also signed by the principal delegating the trust.

   In KeyNote:

   *  Actions are specified as a collection of name-value pairs.

   *  Principal names can be any convenient string and can directly
      represent cryptographic public keys.

   *  The same language is used for both policies and credentials.

   *  The policy and credential language is concise, highly expressive,
      human readable and writable, and compatible with a variety of
      storage and transmission media, including electronic mail.

   *  The compliance checker returns an application-configured `policy
      compliance value' that describes how a request should be handled
      by the application.  Policy compliance values are always
      positively derived from policy and credentials, facilitating
      analysis of KeyNote-based systems.

   *  Compliance checking is efficient enough for high-performance and
      real-time applications.

   This document describes the KeyNote policy and credential assertion
   language, the structure of KeyNote action descriptions, and the
   KeyNote model of computation.

   We assume that applications communicate with a locally trusted
   KeyNote compliance checker via a `function call' style interface,
   sending a collection of KeyNote policy and credential assertions plus
   an action description as input and accepting the resulting policy
   compliance value as output.  However, the requirements of different
   applications, hosts, and environments may give rise to a variety of
   different interfaces to KeyNote compliance checkers; this document
   does not aim to specify a complete compliance checker API.

2.  KeyNote Concepts

   In KeyNote, the authority to perform trusted actions is associated
   with one or more `principals'.  A principal may be a physical entity,
   a process in an operating system, a public key, or any other
   convenient abstraction.  KeyNote principals are identified by a
   string called a `Principal Identifier'.  In some cases, a Principal
   Identifier will contain a cryptographic key interpreted by the



Blaze, et al.                Informational