KeyNote 2.3
Sponsored Links
KeyNote 2.3 Ranking & Summary
File size:
0.13 MB
Platform:
Any Platform
License:
(FDL) GNU Free Documentation License
Price:
Downloads:
1205
Date added:
2006-07-14
Publisher:
Angelos Keromytis
KeyNote 2.3 description
KeyNote is a simple and flexible trust-management system designed to work well for applications.
Trust management, introduced in the PolicyMaker system [BFL96], is a unified approach to specifying and interpreting security policies, credentials, and relationships; it allows direct authorization of security-critical actions. A trust-management system provides standard, general-purpose mechanisms for specifying application security policies and credentials. Trust-management credentials describe a specific delegation of trust and subsume the role of public key certificates; unlike traditional certificates, which bind keys to names, credentials can bind keys directly to the authorization to perform specific tasks.
A language for describing `actions, which are operations with security consequences that are to be controlled by the system.
A mechanism for identifying `principals, which are entities that can be authorized to perform actions.
A language for specifying application `policies, which govern the actions that principals are authorized to perform.
A language for specifying `credentials, which allow principals to delegate authorization to other principals.
A `compliance checker, which provides a service to applications for determining how an action requested by principals should be handled, given a policy and a set of credentials.
The trust-management approach has a number of advantages over other mechanisms for specifying and controlling authorization, especially when security policy is distributed over a network or is otherwise decentralized.
Trust management unifies the notions of security policy, credentials, access control, and authorization. An application that uses a trust- management system can simply ask the compliance checker whether a requested action should be allowed. Furthermore, policies and credentials are written in standard languages that are shared by all trust-managed applications; the security configuration mechanism for one application carries exactly the same syntactic and semantic structure as that of another, even when the semantics of the applications themselves are quite different.
Trust-management policies are easy to distribute across networks, helping to avoid the need for application-specific distributed policy configuration mechanisms, access control lists, and certificate parsers and interpreters.
For a general discussion of the use of trust management in distributed system security, see [Bla99].
KeyNote is a simple and flexible trust-management system designed to work well for a variety of large- and small- scale Internet-based applications. It provides a single, unified language for both local policies and credentials. KeyNote policies and credentials, called `assertions, contain predicates that describe the trusted actions permitted by the holders of specific public keys. KeyNote assertions are essentially small, highly-structured programs. A signed assertion, which can be sent over an untrusted network, is also called a `credential assertion. Credential assertions, which also serve the role of certificates, have the same syntax as policy assertions but are also signed by the principal delegating the trust.
In KeyNote:
Actions are specified as a collection of name-value pairs.
Principal names can be any convenient string and can directly represent cryptographic public keys.
The same language is used for both policies and credentials.
The policy and credential language is concise, highly expressive, human readable and writable, and compatible with a variety of storage and transmission media, including electronic mail.
The compliance checker returns an application-configured `policy compliance value that describes how a request should be handled by the application. Policy compliance values are always positively derived from policy and credentials, facilitating analysis of KeyNote-based systems.
Compliance checking is efficient enough for high-performance and real-time applications.
This document describes the KeyNote policy and credential assertion language, the structure of KeyNote action descriptions, and the KeyNote model of computation.
Trust management, introduced in the PolicyMaker system [BFL96], is a unified approach to specifying and interpreting security policies, credentials, and relationships; it allows direct authorization of security-critical actions. A trust-management system provides standard, general-purpose mechanisms for specifying application security policies and credentials. Trust-management credentials describe a specific delegation of trust and subsume the role of public key certificates; unlike traditional certificates, which bind keys to names, credentials can bind keys directly to the authorization to perform specific tasks.
A language for describing `actions, which are operations with security consequences that are to be controlled by the system.
A mechanism for identifying `principals, which are entities that can be authorized to perform actions.
A language for specifying application `policies, which govern the actions that principals are authorized to perform.
A language for specifying `credentials, which allow principals to delegate authorization to other principals.
A `compliance checker, which provides a service to applications for determining how an action requested by principals should be handled, given a policy and a set of credentials.
The trust-management approach has a number of advantages over other mechanisms for specifying and controlling authorization, especially when security policy is distributed over a network or is otherwise decentralized.
Trust management unifies the notions of security policy, credentials, access control, and authorization. An application that uses a trust- management system can simply ask the compliance checker whether a requested action should be allowed. Furthermore, policies and credentials are written in standard languages that are shared by all trust-managed applications; the security configuration mechanism for one application carries exactly the same syntactic and semantic structure as that of another, even when the semantics of the applications themselves are quite different.
Trust-management policies are easy to distribute across networks, helping to avoid the need for application-specific distributed policy configuration mechanisms, access control lists, and certificate parsers and interpreters.
For a general discussion of the use of trust management in distributed system security, see [Bla99].
KeyNote is a simple and flexible trust-management system designed to work well for a variety of large- and small- scale Internet-based applications. It provides a single, unified language for both local policies and credentials. KeyNote policies and credentials, called `assertions, contain predicates that describe the trusted actions permitted by the holders of specific public keys. KeyNote assertions are essentially small, highly-structured programs. A signed assertion, which can be sent over an untrusted network, is also called a `credential assertion. Credential assertions, which also serve the role of certificates, have the same syntax as policy assertions but are also signed by the principal delegating the trust.
In KeyNote:
Actions are specified as a collection of name-value pairs.
Principal names can be any convenient string and can directly represent cryptographic public keys.
The same language is used for both policies and credentials.
The policy and credential language is concise, highly expressive, human readable and writable, and compatible with a variety of storage and transmission media, including electronic mail.
The compliance checker returns an application-configured `policy compliance value that describes how a request should be handled by the application. Policy compliance values are always positively derived from policy and credentials, facilitating analysis of KeyNote-based systems.
Compliance checking is efficient enough for high-performance and real-time applications.
This document describes the KeyNote policy and credential assertion language, the structure of KeyNote action descriptions, and the KeyNote model of computation.
KeyNote 2.3 Screenshot
KeyNote 2.3 Keywords
KeyNote
System Designed
Designed To
work well
to work
KeyNote 2.3
for applications
credentials
policy
system
applications
policies
security
KeyNote 2.3
Monitoring
System
Bookmark KeyNote 2.3
KeyNote 2.3 Copyright
WareSeeker periodically updates pricing and software information of KeyNote 2.3 full version from the publisher, so some information may be slightly out-of-date. You should confirm all information before relying on it. Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future development of KeyNote 2.3 Edition. Download links are directly from our publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
Featured Software
Want to place your software product here?
Please contact us for consideration.
Contact WareSeeker.com
Related Information
home security systems
open door policy
abstract title policy
an insurance policy with bodily injury coverage covers
policy manual
keynoter newspaper
applications for employment
systemax
policies procedures
credentials online
policy and procedures gl account reconciliation
your college credentials
job applications
keynote speakers
solar system
life insurance policies
foreign policy
policy studies
Version History
Related Software
KeyCluster is a high availability (HA) system for mission critical applications running on Solaris (Sparc and x86), Linux, AIX. Free Download
Linare Operating System meets entire needs and fulfills all requirements of this era. Free Download
Sanos is a minimalistic 32-bit x86 OS kernel for network server appliances running on standard PC hardware. Free Download
JNotify is a Java library that allow Java applications to receive file system events on windows and linux. Free Download
Systrace enforces system call policies for applications by constraining the applications access to the system. Free Download
Equalizer is a programming interface and resource management system for scalable multipipe applications. Free Download
Etlinux is a complete Linux-based system designed to run on very small industrial computers. Free Download
Free-SA is a statistic analyzer for Linux systems. Free Download
Latest Software
Popular Software
Favourite Software
