Varadharajan et al.
The main revocation strategy proposed
by Varadharajan et al. [14]
propagates revocations through delegates. These revocations
might not take effect because of network problems or other distributed
failures. Another solution proposed in [14] assumes
a previously known end point. This is also supported in SDM. The approaches
suggested in their paper require changing the key associated with a
principal. This is not effective in public key systems, which are
generally more manageable and scalable in distributed systems (and
are supported in SDM). They also suggest passing a read
capability for the delegation token rather than the token itself. Our
approach is vaguely similar in that the end point needs to contact
the initiator before servicing. But with the
pull-once-push-many approach, SDM does not need to contact
the initiator, because the initiator will multicast revocation details
if needed.
Nataraj Nagaratnam
Mon Mar 16 18:02:57 EST 1998