SPKI Certificate Theory
Network Working Group                                         C. Ellison
Request for Comments: 2693                                         Intel
Category: Experimental                                         B. Frantz
                                                    Electric Communities
                                                              B. Lampson
                                                               Microsoft
                                                               R. Rivest
                                     MIT Laboratory for Computer Science
                                                               B. Thomas
                                                       Southwestern Bell
                                                               T. Ylonen
                                                                     SSH
                                                          September 1999
Status of this Memo
This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
The SPKI Working Group has developed a standard form for digital
certificates whose main purpose is authorization rather than
authentication. These structures bind either names or explicit
authorizations to keys or other objects. The binding to a key can be
directly to an explicit key, or indirectly through the hash of the
key or a name for it. The name and authorization structures can be
used separately or together. We use S-expressions as the standard
format for these certificates and define a canonical form for those
S-expressions. As part of this development, a mechanism for deriving
authorization decisions from a mixture of certificate types was
developed and is presented in this document.
This document gives the theory behind SPKI certificates and ACLs
without going into technical detail about those structures or their
uses.