[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: delegation question
-----BEGIN PGP SIGNED MESSAGE-----
At 01:19 PM 12/16/97 -0600, Stephen C. Koehler wrote:
>I'm having difficulty figuring out how SPKI solves the following problem of
>Bob has been delegated the authority to sign certificates allowing
>employees to enter his company's building. He will be on vacation for
>a week, so he delegates his building entry authority, with delegation, to
>Alice for a period of one week. During the week, Alice signs a building
>entry certificate for Cliff. It seems that Cliff's authority to enter the
>building will expire with Alice's certificate. Is there a way to make it
>persist? I can't see how to do this with any combination of capability and
>name certificates. Am I missing something?
This is an intriguing case.
To me, Alice is not allowed to give Cliff access beyond Alice's ability to
delegate. After that, Bob will have to give Cliff an extension...because
if Alice can grant Cliff access for a year, then Alice can grant herself
access for a year and Bob obviously didn't intend for her to have access for
that length of time. I think there's a simple solution, however:
If there is some other alternative Bob desires: e.g., that Alice should
temporarily be able to assign end-user access certs that live a year, Bob is
able to delegate to Mike (a machine and trusted by Bob not to cheat) the
long term authority to delegate the desired end authority and grant Alice
the authority to command Mike to issue certificates. Alice's authority can
be time-limited while Mike's isn't. Mike can execute a program to check for
the kinds of things Bob wants enforced while Alice makes decisions about who
gets the target authority. Mike issues the certificates using Alice's
signed inputs (and her authorization cert) as only some of its inputs.
That latter example translates immediately into PolicyMaker of course.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
-----END PGP SIGNATURE-----