Namespaces in SPKI
Carl M. Ellison, Intel

Abstract:

SPKI (Simple Public Key Infrastructure) is an IETF working group effort that has produced a new view of certificates. The earlier view was that a certificate bound a name to a key. In that view, the namespace of the certificate was vitally important. SPKI responded to the facts that:

  1. a name certificate often doesn't tell the user of the certificate anything useful; and
  2. a global namespace is almost guaranteed to be unsatisfactory and even a source of bugs.

There are, as a result, three namespaces used in SPKI:

  1. a global namespace of identifiers of keyholders, 1:1 with their public keys, not subject to the bugs mentioned above (2);
  2. a local namespace of human-useable names, as defined by SDSI (with which SPKI has merged);
  3. a local namespace of authorization verbs and parameters, under individual developer control.

TWIST 99

Irvine Research Unit in Software
Information and Computer Science
University of California, Irvine
Irvine, CA 92697-3425