[cap-talk] Comparing models
Karp, Alan H
alan.karp at hp.com
Mon Jun 13 09:34:31 PDT 2011
I've changed the subject line to reflect the topic being discussed.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
> -----Original Message-----
> From: David Chadwick [mailto:d.w.chadwick at kent.ac.uk]
> Sent: Saturday, June 04, 2011 3:37 AM
> To: Hoyt L Kesterson II
> Cc: Karp, Alan H
> Subject: Re: We met at the Cornerstones of Trust conference and...
>
> Hi Both
>
> Alan and myself met at the IIW workshop a year or so ago, so we share
> similar viewpoints I believe about credential based authz.
>
> We implemented the X.509 delegation scheme many years ago, and it has
> been available as open source software from then until today, only now
> it also issues SAML assertions as well as X.509 ACs. See
>
> http://sec.cs.kent.ac.uk/permis/
>
> for a complete list of the software we provide.
>
> It is perfectly possible to control the delegation chain using the
> delegation depth concept of X.509. The problem with chains though, is
> tracing them back to their trusted root if the delegate only gives you
> his certificate. For this reason we have implemented a Delegation
> Issuing Service which issues certs on behalf of users (most of whom
> wont
> have keys to sign delegated certs anyway). A public demo of this is
> available here
>
> https://sec.cs.kent.ac.uk/dis.html
>
> Our latest addition (which we call privacy protected delegation - still
> needs to written up as a paper) now allows a delegator to delegate a
> privilege to anyone who is not even known to the delegation service. A
> public demo of this will be available shortly. The software for this is
> already part of our open source release at www.openpermis.org.
>
> I have published several papers on delegation, which you can find
> amongst my list of publications here
>
> http://www.cs.kent.ac.uk/people/staff/dwc8/pubs.html
>
> regards
>
> David
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> School of Computing, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick at kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site:
> http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
More information about the cap-talk
mailing list