RFC 2704 (rfc2704) - Page 1 of 37
The KeyNote Trust-Management System Version 2
Alternative Format: Original Text Document
Network Working Group M. Blaze
Request for Comments: 2704 J. Feigenbaum
Category: Informational J. Ioannidis
AT&T Labs - Research
A. Keromytis
U. of Pennsylvania
September 1999
The KeyNote Trust-Management System Version 2
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
This memo describes version 2 of the KeyNote trust-management system.
It specifies the syntax and semantics of KeyNote `assertions',
describes `action attribute' processing, and outlines the application
architecture into which a KeyNote implementation can be fit. The
KeyNote architecture and language are useful as building blocks for
the trust management aspects of a variety of Internet protocols and
services.
1. Introduction
Trust management, introduced in the PolicyMaker system [BFL96], is a
unified approach to specifying and interpreting security policies,
credentials, and relationships; it allows direct authorization of
security-critical actions. A trust-management system provides
standard, general-purpose mechanisms for specifying application
security policies and credentials. Trust-management credentials
describe a specific delegation of trust and subsume the role of
public key certificates; unlike traditional certificates, which bind
keys to names, credentials can bind keys directly to the
authorization to perform specific tasks.
Blaze, et al. Informational
