Making Certificates Programmable

Certificates carry signed statements within a PublicKey Infrastructure (PKI). As we begin to build more complex and more open PKIs, the limited expressiveness of current certificate languages becomes a concern. While certificates are traditionally treated as simple data structures conforming to a given schema, we show an alternative derivation of the concept of a certificate in which certificates can contain control information in the form of program code. One example is program code written in declarative statements in a variant of the relational algebra, which can work together in rich ways.

[1]  E. F. Codd,et al.  A relational model of data for large shared data banks , 1970, CACM.

[2]  Yuri Gurevich,et al.  Datalog vs. first-order logic , 1989, 30th Annual Symposium on Foundations of Computer Science.

[3]  E. F. Codd,et al.  A Relational Model for Large Shared Data Banks , 1970 .

[4]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[5]  Joachim Biskup,et al.  Achievements of Relational Database Schema Design Theory Revisited , 1995, Semantics in Databases.

[6]  John DeTreville,et al.  Binder, a logic-based security language , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[7]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[8]  Irving L. Traiger,et al.  System R: relational approach to database management , 1976, TODS.

[9]  R. Smullyan First-Order Logic , 1968 .

[10]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[11]  Luca Cardelli,et al.  Abstractions for Mobile Computation , 1999, Secure Internet Programming.

[12]  Sarah Kuester Semantics in Databases , 1995, Lecture Notes in Computer Science.