Distributed Credential Chain Discovery in SPKI/SDSI2.0

Geng Xiuhua; Han Zhen; Jin Li; Wang Qinglong

Journal of Computer Research and Development > 2008 > 45(7): .

Geng Xiuhua, Han Zhen, Jin Li, Wang Qinglong. Distributed Credential Chain Discovery in SPKI/SDSI2.0[J]. Journal of Computer Research and Development, 2008, 45(7).

Citation:

Geng Xiuhua, Han Zhen, Jin Li, Wang Qinglong. Distributed Credential Chain Discovery in SPKI/SDSI2.0[J]. Journal of Computer Research and Development, 2008, 45(7).

Citation:

Geng Xiuhua, Han Zhen, Jin Li, Wang Qinglong. Distributed Credential Chain Discovery in SPKI/SDSI2.0[J]. Journal of Computer Research and Development, 2008, 45(7).

PDF (847 KB)

Distributed Credential Chain Discovery in SPKI/SDSI2.0

1(School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044) 2(Department of Computer, Taiyuan Normal Institute, Taiyuan 030012)

More Information

Published Date: July 14, 2008

Graphical Abstract

Abstract

Abstract

Trust management is an approach to access control in a distributed environment. SPKI/SDSI2.0 is the most popular trust management system at present. But the existing credential chain discovery algorithms in SPKI/SDSI2.0 are all centralized. The needed credentials are either provided by users or it is assumed that they have been distributed to local machines before search, but SPKI/SDSI2.0 is a distributed system, in which the credentials are often issued and stored in a distributed manner. To address this problem, a reasonable distributed credentials storage scheme is proposed in this paper. Each credential is stored in one place and all the credentials are subject-traces-all. Based on this scheme, DCCDS （distributed credential chain discovery in SPKI/SDSI2.0） is put forward. Unlike other algorithms, DCCDS neednt reduce credentials and compute the name-reduction closure of a set of credentials. DCCDS searches all the name credentials for one princpal, at the same time, looks for the authorization credentials to all those name credentials. Finally, depth-first search is used to determine whether there exists a chain from self to the requestor. DCCDS is goal-directed, and it could gather automatically relevant name and authorization credentials which are needed. It is shown by theoretical analysis that DCCDS has a higher efficiency; moreover, it could solve the problem of delegation depth elegantly.
- trust management,
- SPKI/SDSI2.0,
- distributed,
- credential,
- credential chain discovery

FullText(HTML)

References (0)

[1]	Chen Xiaofeng, Song Zhaoxiong, Zheng Peiyu, Zhang Jun, Yu Zhi, Sun Yi. A Multichain-Collaborating Governing Chain-Supervising-Chain Supervision Framework[J]. Journal of Computer Research and Development, 2024, 61(9): 2290-2306. DOI: 10.7544/issn1000-1239.202330279
[2]	Lu Yuxuan, Kong Lanju, Zhang Baochen, Min Xinping. MC-RHotStuff: Multi-Chain Oriented HotStuff Consensus Mechanism Based on Reputation[J]. Journal of Computer Research and Development, 2024, 61(6): 1559-1572. DOI: 10.7544/issn1000-1239.202330195
[3]	Ma Yuhang, Zhang Liang, Wu Xingyu, Li Ming. Multi-Party Cross-Chain Transaction Scheme Based on Distributed Key Generation and Attribute-Based Encryption[J]. Journal of Computer Research and Development, 2023, 60(11): 2534-2544. DOI: 10.7544/issn1000-1239.202330305
[4]	Duan Tiantian, Guo Yi, Li Bo, Zhang Hanwen, Song Zhaoxiong, Li Zhongcheng, Zhang Jun, Sun Yi. PieBridge：An On-Demand Scalable Cross-Chain Architecture[J]. Journal of Computer Research and Development, 2023, 60(11): 2520-2533. DOI: 10.7544/issn1000-1239.202230284
[5]	Feng Yun, Liu Baoxu, Zhang Jinli, Wang Xutong, Liu Chaoge, Shen Mingzhe, Liu Qixu. An Unsupervised Method for Timely Exfiltration Attack Discovery[J]. Journal of Computer Research and Development, 2021, 58(5): 995-1005. DOI: 10.7544/issn1000-1239.2021.20200902
[6]	Zhu Hui, Li Hui, and Wang Yumin. Certificateless Signcryption Scheme Without Pairing[J]. Journal of Computer Research and Development, 2010, 47(9): 1587-1594.
[7]	Geng Xiuhua, Han Zhen, Jin Li, Cao Xianggang. An Efficient Policy Analysis Algorithm for SPKI/SDSI2.0[J]. Journal of Computer Research and Development, 2009, 46(2): 225-234.
[8]	Shi Zhiguo, He Yeping, Zhang Hong. A Scenario of Trust Negotiation Based on TPM Anonymous Credentials[J]. Journal of Computer Research and Development, 2008, 45(8): 1279-1289.
[9]	Qiang Weizhong, Zou Deqing, and Jin Hai. Research on Privacy Preservation Mechanism for Credentials and Policies in Grid Computing Environment[J]. Journal of Computer Research and Development, 2007, 44(1): 11-19.
[10]	Liu Jiamao, Gu Ning, and Shi Baile. Non-Backtrace Backward Chaining Dynamic Composition of Web Services Based on Mediator[J]. Journal of Computer Research and Development, 2005, 42(7): 1153-1158.