Certificate creation

Before a protocol run can take place the delegator (file owner) creates a delegation certificate. This delegation certificate contains a digital signature that vouches for his delegation of access rights for a particular file to the other user. The certificate grants the delegatee access to the file. The certificate components that can easily be conveyed verbally are the following:

• the names of the file, the delegator and the delegatee,
• time of creation and expiration
• specification of delegated access rights. In the current design, access rights can be either read or write. A certificate will, thus, enable the delegatee to access the file according to the delegated access rights specified in the delegation certificate.

The verbal delegation ends with the exchange of the bits resembling the signature. Together with the other information exchanged, the signature enables the delegatee to (re)construct a machine readable representation of the certificate. These certificates, obviously, must be readable not only by computers but also by humans. To facilitate this, certificates are encoded in a syntax similar to SDSI [12].