Sciweavers

IADIS
2004

Using SPKI/SDSI for Distributed Maintenance of Attribute Release Policies in Shibboleth

14 years 1 months ago
Using SPKI/SDSI for Distributed Maintenance of Attribute Release Policies in Shibboleth
The Shibboleth middleware from Internet2 provides a way for users at higher-education institutions to access remote electronic content in compliance with the inter-institutional license agreements that govern such access. To protect enduser privacy, Shibboleth permits users to construct attribute release policies that control what user credentials a given content provider can obtain. However, Shibboleth leaves unspecified how to construct these policies. To be effective, a solution needs to accommodate the typical nature of a university: a set of decentralized fiefdoms. This need argues for a public-key infrastructure (PKI) approach--since public-key cryptography does not require parties to agree on a secret beforehand, and parties distributed throughout the institution are unlikely to agree on anything. However, this need also argues against the strict hierarchical structure of traditional PKI--policy in different fiefdoms will be decided differently, and originate within the fiefdom...
Sidharth Nazareth, Sean W. Smith
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where IADIS
Authors Sidharth Nazareth, Sean W. Smith
Comments (0)