The KeyNote Trust-Management System Version 2
RFC 2704 The KeyNote Trust-Management System September 1999
assertion, which can be sent over an untrusted network, is also
called a `credential assertion'. Credential assertions, which also
serve the role of certificates, have the same syntax as policy
assertions but are also signed by the principal delegating the trust.

In KeyNote:

* Actions are specified as a collection of name-value pairs.

* Principal names can be any convenient string and can directly
  represent cryptographic public keys.

* The same language is used for both policies and credentials.

* The policy and credential language is concise, highly expressive,
  human readable and writable, and compatible with a variety of
  storage and transmission media, including electronic mail.

* The compliance checker returns an application-configured `policy
  compliance value' that describes how a request should be handled
  by the application. Policy compliance values are always
  positively derived from policy and credentials, facilitating
  analysis of KeyNote-based systems.

* Compliance checking is efficient enough for high-performance and
  real-time applications.

This document describes the KeyNote policy and credential assertion
language, the structure of KeyNote action descriptions, and the
KeyNote model of computation.

We assume that applications communicate with a locally trusted
KeyNote compliance checker via a `function call' style interface,
sending a collection of KeyNote policy and credential assertions plus
an action description as input and accepting the resulting policy
compliance value as output. However, the requirements of different
applications, hosts, and environments may give rise to a variety of
different interfaces to KeyNote compliance checkers; this document
does not aim to specify a complete compliance checker API.
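
The following is an added example, not part of RFC 2704 or of any KeyNote implementation: a simplified Python model of the `function call' interface described above, taking assertions, requesters and an action description (name-value pairs) and returning a compliance value that starts at the minimum and is only raised by a delegation chain rooted in local policy. The dict layout, the function names, the value list, the principals `key:admin` and `key:alice`, the attribute names, and the "any one licensee suffices" rule are assumptions made for illustration; signature verification of credentials is assumed to have happened already.

```python
# Simplified model of a KeyNote-style compliance check (added example).
# Assumptions: assertions are dicts, conditions are Python functions, any one
# licensee suffices, and credential signatures were already verified.

VALUES = ["reject", "log_and_approve", "approve"]  # constructed, lowest first


def check(assertions, requesters, action, values=VALUES):
    """Return the policy compliance value for `action` asked by `requesters`."""
    rank = {v: i for i, v in enumerate(values)}
    lowest, highest = values[0], values[-1]

    def value_of(principal, path):
        if principal in requesters:      # a requester fully supports its own request
            return highest
        if principal in path:            # a delegation loop adds no authority
            return lowest
        best = lowest                    # positive derivation: start from the minimum
        for a in assertions:
            if a["authorizer"] != principal:
                continue
            granted = a["conditions"](action)
            if granted not in rank:      # unknown value never raises the result
                granted = lowest
            delegated = max((value_of(p, path | {principal}) for p in a["licensees"]),
                            key=rank.get, default=lowest)
            best = max(best, min(granted, delegated, key=rank.get), key=rank.get)
        return best

    return value_of("POLICY", frozenset())  # "POLICY": root of local trust


def mail_policy(act):                    # constructed local policy
    return "approve" if act.get("app") == "mail" else "reject"


def alice_credential(act):               # constructed credential from key:admin
    return {"read": "approve", "delete": "log_and_approve"}.get(act.get("op"), "reject")


ASSERTIONS = [
    {"authorizer": "POLICY", "licensees": ["key:admin"], "conditions": mail_policy},
    {"authorizer": "key:admin", "licensees": ["key:alice"], "conditions": alice_credential},
]

if __name__ == "__main__":
    print(check(ASSERTIONS, {"key:alice"}, {"app": "mail", "op": "delete"}))
```

A requester with no chain back to the policy, or an action no assertion speaks to, yields the lowest value, which is what makes the result analyzable: nothing is granted by omission.
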
2. KeyNote Concepts
In KeyNote, the authority to perform trusted actions is associated
with one or more `principals'. A principal may be a physical entity,
a process in an operating system, a public key, or any other
convenient abstraction. KeyNote principals are identified by a
string called a `Principal Identifier'. In some cases, a Principal
Identifier will contain a cryptographic key interpreted by the
Blaze, et al. Informational