Title: USING SPKI/SDSI FOR DISTRIBUTED MAINTENANCE OF ATTRIBUTE RELEASE POLICIES IN SHIBBOLETH
Author(s): Sidharth Nazareth, Sean Smith
ISBN: 972-99353-0-0
Editors: Pedro Isaías and Nitya Karmakar
Year: 2004
Edition: 1
Keywords: Shibboleth, SPKI/SDSI, privacy.
Type: Full Paper
First Page: 218
Last Page: 226
Language: English
Paper Abstract:

The Shibboleth middleware from Internet2 provides a way for users at higher-education institutions to access remote electronic content in compliance with the inter-institutional license agreements that govern such access. To protect end-user privacy, Shibboleth permits users to construct attribute release policies that control what user credentials a given content provider can obtain. However, Shibboleth leaves unspecified how to construct these policies. To be effective, a solution needs to accommodate the typical nature of a university: a set of decentralized fiefdoms. This need argues for a public-key infrastructure (PKI) approach, since public-key cryptography does not require parties to agree on a secret beforehand, and parties distributed throughout the institution are unlikely to agree on anything. However, this need also argues against the strict hierarchical structure of traditional PKI: policy in different fiefdoms will be decided differently, and originate within the fiefdom, rather than from an overall root. This paper presents our design and prototype of a system that uses the decentralized public-key framework of Simple Public Key Infrastructure/Simple Distributed Security Infrastructure (SPKI/SDSI) to solve this problem.