SDSI – A Simple Distributed Security Infrastructure

We propose a new distributed security infrastructure, called SDSI (pronounced «Sudsy»). SDSI combines a simple public-key infrastructure design with a means of defining groups and issuing group-membership certificates. SDSI’s group provides simple, clear terminology for defining access-control lists and security policies. SDSI’s design emphasizes linked local name spaces rather than a hierarchical global name space.