Managing the Usage of Authorisation Certificates

Research output: ThesisLicenciate's thesis


Limited valuable resources need protection from unintended users and excessive usage. This problem can be solved using access control of some form. Many good technologies exist for centralised systems, but distributed systems present interest- ing challenges as the technologies are not ideally suited for situations like multiple alternative resources, distributed management or anonymous users.
A proposed solution, SPKI authorisation certificates, naturally provide many of the required characteristics, but they are inadequate to protect limited resources against exploitation. They cannot support use cases where the right can be used e.g. only a certain number of times or up to a specified amount. Instead, they always grant unlimited access.
In this thesis, the author analyses the SPKI certificate model, identifies the missing elements and provides the necessary additions. The resulting model enables numer- ous new application areas. The model is then analysed from points of view of us- ability, security and scalability. The author concludes that good usability is achiev- able with careful design, that the new model has no new substantial security weak- nesses, but that the issue of scalability still merits further work.
Original languageEnglish
QualificationLicentiate's degree
Awarding Institution
  • Aalto University
  • Kari, Hannu, Supervising Professor, External person
Award date30 May 2003
Publication statusPublished - 2003
MoE publication typeG3 Licentiate thesis


  • authorisation certificates
  • SPKI
  • validity management
  • revocation


Dive into the research topics of 'Managing the Usage of Authorisation Certificates'. Together they form a unique fingerprint.

Cite this