SDSI – A Simple Distributed Security Infrastructure

Ronald L. Rivest, Butler Lampson

We propose a new distributed security infrastructure, called SDSI (pronounced “Sudsy”). SDSI combines a simple public-key infrastructure design with a means of defining groups and issuing group-membership certificates. SDSI’s group provides simple, clear terminology for defining access-control lists and security policies. SDSI’s design emphasizes linked local name spaces rather than a hierarchical global name space.