[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: delegation question

To: "Stephen C. Koehler" <koehler@securecomputing.com>
Subject: Re: delegation question
From: Carl Ellison <cme@cybercash.com>
Date: Wed, 17 Dec 1997 01:26:35 -0500
Cc: spki@c2.net
In-Reply-To: <199712161919.NAA17238@sente.sctc.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 01:19 PM 12/16/97 -0600, Stephen C. Koehler wrote:
>I'm having difficulty figuring out how SPKI solves the following problem of
>delegation:
>
>Bob has been delegated the authority to sign certificates allowing
>employees to enter his company's building.  He will be on vacation for
>a week, so he delegates his building entry authority, with delegation, to
>Alice for a period of one week.  During the week, Alice signs a building
>entry certificate for Cliff.  It seems that Cliff's authority to enter the
>building will expire with Alice's certificate.  Is there a way to make it
>persist?  I can't see how to do this with any combination of capability and
>name certificates.  Am I missing something?

This is an intriguing case.

To me, Alice is not allowed to give Cliff access beyond Alice's ability to 
delegate.  After that, Bob will have to give Cliff an extension...because 
if Alice can grant Cliff access for a year, then Alice can grant herself 
access for a year and Bob obviously didn't intend for her to have access for 
that length of time.  I think there's a simple solution, however:

If there is some other alternative Bob desires: e.g., that Alice should 
temporarily be able to assign end-user access certs that live a year, Bob is 
able to delegate to Mike (a machine and trusted by Bob not to cheat) the 
long term authority to delegate the desired end authority and grant Alice 
the authority to command Mike to issue certificates.  Alice's authority can 
be time-limited while Mike's isn't.  Mike can execute a program to check for 
the kinds of things Bob wants enforced while Alice makes decisions about who 
gets the target authority.  Mike issues the certificates using Alice's 
signed inputs (and her authorization cert) as only some of its inputs.

That latter example translates immediately into PolicyMaker of course.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQCVAwUBNJdwmhN3Wx8QwqUtAQF/gAP/bJGBTDnKK+FJc4yQikTUUNzhNHd3pEoa
5lyUa3jsLPynyUcEpqUzSOuJUPW68ifYRaNzKr/SkVj1pvg5lb7EiYm3RXWHEgrj
VWd4TT9fmRHUP429Uy3A4UTJYNGfV9e9+4cy8hxJWHX12oGQZL+0BPquQ0kyyqT8
7oNJDC5fbiA=
=kbNI
-----END PGP SIGNATURE-----

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: delegation question

From: "Stephen C. Koehler" <koehler@securecomputing.com>

References:

delegation question

From: "Stephen C. Koehler" <koehler@securecomputing.com>

Prev by Date: Re: delegation question
Next by Date: Re: Out on a loop
Prev by thread: Re: delegation question
Next by thread: Re: delegation question
Index(es):
- Main
- Thread