Distributed Credential Chain Discovery in SPKI/SDSI2.0
Abstract
Trust management is an approach to access control in distributed environments. SPKI/SDSI2.0 is the most popular trust management system at present, but the existing credential chain discovery algorithms for SPKI/SDSI2.0 are all centralized: the needed credentials are either provided by users or assumed to have been distributed to local machines before the search. SPKI/SDSI2.0, however, is a distributed system in which credentials are often issued and stored in a distributed manner. To address this problem, this paper proposes a reasonable distributed credential storage scheme in which each credential is stored in one place and all credentials are subject-traces-all. Based on this scheme, DCCDS (distributed credential chain discovery in SPKI/SDSI2.0) is put forward. Unlike other algorithms, DCCDS need not reduce credentials or compute the name-reduction closure of a set of credentials. DCCDS searches for all the name credentials of one principal and, at the same time, looks for the authorization credentials for all those name credentials. Finally, depth-first search is used to determine whether a chain exists from self to the requestor. DCCDS is goal-directed and can automatically gather the relevant name and authorization credentials that are needed. Theoretical analysis shows that DCCDS has higher efficiency; moreover, it can solve the problem of delegation depth elegantly.