[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X.509 ACs vs. SPKI?

"David P. Kemp" wrote:
> which can select the engine to be used.  Automated authorization is not
> a mature field; there are numerous candidates:  NIST's Role Based
> Access Control, SPKI tuples, Novell's Security Attributes, the DoD's
> SDN.801, and many others.  In 10 years, perhaps everyone will agree


> should be used.  The fewer engines applications have to support, the
> better, but I don't think the market is yet convinced that SPKI tuples
> are capable of supplanting RBAC, DoD PRBAC/LRBAC, other chaining
> mechanisms, and plain old ACLs for all public-key-based authorization
> applications.

Hi David.

You're right.  We haven't demonstrated all that yet.  We haven't
tried, yet.  However, I'm confident we will be able to and I look
forward to the resulting interaction either way the demo turns out.

 - Carl

 Carl M. Ellison   cme@alum.mit.edu     http://www.pobox.com/~cme
 PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2
 ``Officer, officer, arrest that man!  He's whistling a dirty song.''
     [Jean Ellison]