A Revocation, Validation and Authentication Protocol for SPKI Based Delegation Systems
In distributed systems, the access control mechanism is often modeled after stand-alone solutions, such as ACLs. Such an arrangement, however, is not ideal, as the system may be mirrored around the world and maintaining the ACLs becomes a problem. A new approach to this problem is using authorisation certificates to control access to resources. This diminishes management overhead, but introduces problems with revocation. A related problem is enforcing quotas in distributed systems. Traditionally, authorisation certificates just limit the usage interval, but not the volume. In this paper, the authors discuss these problems in SPKI-based delegation systems and propose some refinements to the SPKI specification.