Sciweavers

CCS
2007
ACM

Alpaca: extensible authorization for distributed services

14 years 6 months ago
Alpaca: extensible authorization for distributed services
Traditional Public Key Infrastructures (PKI) have not lived up to their promise because there are too many ways to define PKIs, too many cryptographic primitives to build them with, and too many administrative domains with incompatible roots of trust. Alpaca is an authentication and authorization framework that embraces PKI diversity by enabling one PKI to “plug in” another PKI’s credentials and cryptographic algorithms, allowing users of the latter to authenticate themselves to services using the former using their existing, unmodified certificates. Alpaca builds on Proof-Carrying Authorization (PCA) [8], expressing a credential as an explicit proof of a logical claim. Alpaca generalizes PCA to express not only delegation policies but also the cryptographic primitives, credential formats, and namespace structures needed to use foreign credentials directly. To achieve this goal, Alpaca introduces a method of creating and naming new principals which behave according to arbitra...
Chris Lesniewski-Laas, Bryan Ford, Jacob Strauss,
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where CCS
Authors Chris Lesniewski-Laas, Bryan Ford, Jacob Strauss, Robert Morris, M. Frans Kaashoek
Comments (0)