[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: X.509 ACs vs. SPKI?
"David P. Kemp" wrote:
> which can select the engine to be used. Automated authorization is not
> a mature field; there are numerous candidates: NIST's Role Based
> Access Control, SPKI tuples, Novell's Security Attributes, the DoD's
> SDN.801, and many others. In 10 years, perhaps everyone will agree
> should be used. The fewer engines applications have to support, the
> better, but I don't think the market is yet convinced that SPKI tuples
> are capable of supplanting RBAC, DoD PRBAC/LRBAC, other chaining
> mechanisms, and plain old ACLs for all public-key-based authorization
You're right. We haven't demonstrated all that yet. We haven't
tried, yet. However, I'm confident we will be able to and I look
forward to the resulting interaction either way the demo turns out.
Carl M. Ellison firstname.lastname@example.org http://www.pobox.com/~cme
PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2
``Officer, officer, arrest that man! He's whistling a dirty song.''