Namespaces in SPKI
Carl M. Ellison, Intel
Abstract:
SPKI (Simple Public Key Infrastructure) is an IETF working group effort
that has produced a new view of certificates. The earlier view was that
a certificate bound a name to a key. In that view, the namespace of the
certificate was vitally important. SPKI responded to the facts that:
- a name certificate often doesn't tell the user of the
certificate anything useful; and
- a global namespace is almost guaranteed to be unsatisfactory
and even a source of bugs.
There are, as a result, three namespaces used in SPKI:
- a global namespace of identifiers of keyholders, 1:1 with
their public keys, not subject to the bugs mentioned above (2);
- a local namespace of human-useable names, as defined by SDSI
(with which SPKI has merged);
- a local namespace of authorization verbs and parameters,
under individual developer control.
TWIST 99
Irvine Research Unit in Software
Information and Computer Science
University of California, Irvine
Irvine, CA 92697-3425