SPKI Certificate Theory
Citation: Internet RFC 2693,
http://www.cis.ohio-state.edu/htbin/rfc/rfc2693.html, Sept. 1999.
Email: blampson@microsoft.com. This paper is at http://research.microsoft.com.
Abstract:
The SPKI Working Group has developed a standard form for digital certificates whose main purpose is authorization rather than authentication. These structures bind either names or explicit authorizations to keys or other objects. The binding to a key can be directly to an explicit key, or indirectly through the hash of the key or a name for it. The name and authorization structures can be used separately or together. We use S-expressions as the standard format for these certificates and define a canonical form for those S-expressions.

As part of this development, a mechanism for deriving authorization decisions from a mixture of certificate types was developed and is presented in this document.

This document gives the theory behind SPKI certificates and ACLs without going into technical detail about those structures or their uses.