
"Fuzzy" SPKI (was Re: Certificate Expiration)



At 15:02 08/05/98 -0400, Carl Ellison wrote:
>The other potential meaning of an expiration date is that that's when you 
>predict the probability has finally exceeded your threshold of pain, that 
>either a key has been compromised or an authorization will have expired.  
>Such predictions are so loose to start with, that I suspect the failure mode 
>should not be hard the way it is when your seat license expires.
>
>I'd like to hear more opinions on this issue.

I suppose it's more of a research area than something
for SPKI, but I think that fuzzy sets would be a natural 
mechanism to achieve this. In general a 'fuzzification'
of authorisations is interesting to contemplate.

Imagine:
  
  acls/certificates that somewhat authorize foo for X
     (foo is somewhat trusted to do X)
  acls/certificates that are somewhat valid and somewhat expired
  acls/certificates that authorise foo for a small amount of X
     (foo is trusted for small transactions)
  principals that are somewhat in groups, and somewhat outside
     (foo is a trainee administrator, and so is somewhat
        as trusted as administrators)

Moreover you could say that a fuzzy set of acls and certs 
applies at any given verifier. That is, some acls and certs 
could be more active than others, depending on context. 
This yields interesting possibilities, such as:

   foo is authorised to log in from home IN SERIOUS EMERGENCIES
   any administrator is authorised to shut the firewall down IF 
     THE FIREWALL HAS RECENTLY BEEN ATTACKED

In other words, this seems to bring the mechanism very
close to real-world policy statements.

Maybe defining a fuzzy 5-tuple reduction, plus corresponding
fuzzy validity matching, is a possible route to overlay this
on the existing SPKI. The validity part, as I say, would be
easy to do with fuzzy sets. I guess it's another day's work 
though.

Cheers,
Frank.
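
The fuzzy validity matching and 5-tuple reduction suggested in the message above, as an added sketch that is not part of the original post and not part of SPKI. It assumes min() as the fuzzy AND, a linear decay between a soft and a hard expiry time, and a per-verifier threshold; all field and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FuzzyTuple:
    issuer: str
    subject: str
    delegate: bool       # may the subject pass this authority on?
    tag: frozenset       # operations covered (kept crisp in this sketch)
    soft_expiry: float   # fully valid up to this time
    hard_expiry: float   # validity has decayed to 0.0 by this time
    degree: float = 1.0  # "somewhat authorised" is a degree below 1.0

    def validity(self, now: float) -> float:
        """Membership of `now` in the fuzzy set 'this tuple is valid'."""
        if now <= self.soft_expiry:
            return 1.0
        if now >= self.hard_expiry:
            return 0.0
        return (self.hard_expiry - now) / (self.hard_expiry - self.soft_expiry)

def chain_degree(chain, root, op, now):
    """Degree in [0, 1] to which `chain` lets its last subject do `op` at `now`.

    Follows the shape of SPKI reduction: issuers and subjects must link up,
    every tuple but the last must allow delegation, and the tags must all
    cover `op`. Degrees and validities are combined with min (fuzzy AND).
    """
    if not chain:
        return 0.0
    result, expected_issuer = 1.0, root
    for i, t in enumerate(chain):
        is_last = i == len(chain) - 1
        if t.issuer != expected_issuer or op not in t.tag:
            return 0.0
        if not is_last and not t.delegate:
            return 0.0
        result = min(result, t.degree, t.validity(now))
        expected_issuer = t.subject
    return result

def permits(chain, root, op, now, threshold):
    """The verifier's crisp decision: is the fuzzy degree above its threshold?"""
    return chain_degree(chain, root, op, now) >= threshold

# Constructed sample: the verifier's ACL entry for admins, and a certificate
# making foo a "trainee administrator" (degree 0.6) for logins only.
ACL = FuzzyTuple("self", "admins", True, frozenset({"login", "shutdown-firewall"}), 100, 200)
CERT = FuzzyTuple("admins", "foo", False, frozenset({"login"}), 50, 150, degree=0.6)
CHAIN = [ACL, CERT]
```

With this sample, foo's login authority is 0.6 while both tuples are fresh and fades to 0.0 at time 150 instead of failing hard at one instant.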




