[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
Subject: Re: X.509 ACs vs. SPKI?
From: Carl Ellison <cme@acm.org>
Date: Tue, 25 May 1999 19:02:35 -0700
CC: ietf-pkix@imc.org, spki@c2.net, Carl Ellison <carl.m.ellison@intel.com>
References: <199905251458.KAA09190@ara.missi.ncsc.mil>
Sender: owner-spki@c2.net

"David P. Kemp" wrote:
[snip]
> which can select the engine to be used.  Automated authorization is not
> a mature field; there are numerous candidates:  NIST's Role Based
> Access Control, SPKI tuples, Novell's Security Attributes, the DoD's
> SDN.801, and many others.  In 10 years, perhaps everyone will agree

[...]

> should be used.  The fewer engines applications have to support, the
> better, but I don't think the market is yet convinced that SPKI tuples
> are capable of supplanting RBAC, DoD PRBAC/LRBAC, other chaining
> mechanisms, and plain old ACLs for all public-key-based authorization
> applications.

Hi David.

You're right.  We haven't demonstrated all that yet.  We haven't
tried, yet.  However, I'm confident we will be able to and I look
forward to the resulting interaction either way the demo turns out.

 - Carl

-- 
 Carl M. Ellison   cme@alum.mit.edu     http://www.pobox.com/~cme
 PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2
 ``Officer, officer, arrest that man!  He's whistling a dirty song.''
     [Jean Ellison]

References:

RE: X.509 ACs vs. SPKI?

From: "David P. Kemp" <dpkemp@missi.ncsc.mil>

Prev by Date: Re: X.509 ACs vs. SPKI?
Next by Date: Re: X.509 ACs vs. SPKI?
Prev by thread: RE: X.509 ACs vs. SPKI?
Next by thread: Re: X.509 ACs vs. SPKI?
Index(es):
- Main
- Thread