SDSI: A Simple Distributed Security Infrastructure

Butler W. Lampson and Ronald L. Rivest

 

Citation: See the SDSI web page at http://theory.lcs.mit.edu/~cis/sdsi.html.

Links: Abstract, Postscript, Acrobat, Web page

Email: blampson@microsoft.com. This paper is at http://research.microsoft.com.

 

Abstract:

We propose a new distributed security infrastructure, called SDSI (pronounced ``Sudsy''). SDSI combines a simple public-key infrastructure design with a means of defining groups and issuing group-membership certificates. SDSIfs groups provides simple, clear terminology for defining access-control lists and security policies. SDSIfs design emphasizes linked local name spaces rather than a hierarchical global name space.