SPX: global authentication using public key certificates

Abstract

SPX, a reference implementation of an open distributed authentication service architecture based on ISO Standard 9594-9/CCITT X.509 directory public key certificates and hierarchically organized certification authorities, is described. SPX manages the end system state and provides the run-time environment enabling applications to mutually authenticate on the basis of a global principal identity. SPX scales well in that it does not require online trusted components, and permits management of global trust relationship policy in arbitrarily large distributed environments. Conceptual, component, and protocol descriptions are provided.<>