We are pleased to announce the production (non-beta) release of the KeyNote Trust Management Toolkit and Open-Source Reference Implementation, version 2. The toolkit was developed by Angelos Keromytis of the University of Pennsylvania.

KeyNote is a small, flexible trust management system designed to be especially suitable for Internet-style applications. KeyNote provides a single, uniform language for specifying security policies and credentials, and can be used as an application policy description language as well as as a format for public-key credentials. KeyNote is a joint project of Matt Blaze, Joan Feigenbaum and John Ioannidis of AT&T Laboratories and Angelos Keromytis of the University of Pennsylvania.

KeyNote provides a standard, common mechanism for managing security policy, credentials, access control, and authorization. An application built with KeyNote simply asks the "compliance checker" whether potentially dangerous actions should be allowed according to policy. Policies and credentials are written in a standard language that is shared across applications; the security configuration mechanism for one application carries exactly the same syntactic and semantic structure as that of another, even if the semantics of the applications themselves are quite different.

The basic KeyNote language and implementation are essentially without intellectual property constraints (as far as we know). We have not patented the KeyNote system or trust management generally (although of course anyone, including us, could invent and patent some specific novel application of trust management based on KeyNote). The KeyNote toolkit is covered under a Berkeley-style open source license and can be freely incorporated (with attribution) into commercial and non-commercial software. The software is, of course, distributed completely without warranty. Use it, like everything obtained from the net, completely at your own risk.

This release has been tested under several flavors of BSD and Linux, and should work with limited coaxing on most UNIX and Win32 platforms, but we make no guarantee that it will work correctly in any specific environment. The API interfaces are substantially compatible with the recent KeyNote toolkit beta releases. To build KeyNote with credential signature verification, you'll need the OpenSSL toolkit or a recent release of the SSLeay library.

The toolkit is distributed as a GZIPed TAR archive (".tar.gz" format). Unpack it with either

    gzcat keynote-2.0.tar.gz | tar xvf -

or with

    tar xzvf keynote-2.0.tar.gz

A full description of the KeyNote language can be found in RFC-2704, which can be obtained from the standard Internet RFC archives or from:

    <http://www.crypto.com/papers/rfc2704.txt>

This release of the KeyNote toolkit can be downloaded from:

    <http://www.crypto.com/keynote-2.0.tar.gz>

or via anonymous ftp from:

    <ftp://ftp.research.att.com/dist/mab/keynote-2.0.tar.gz>

or from Angelos Keromytis' KeyNote web page at:

    <http://www.cis.upenn.edu/~angelos/keynote.html>

If you use KeyNote, please let us know at [EMAIL PROTECTED]

There is a (low-bandwidth) mailing list for KeyNote users and developers. To subscribe, send an email message to <[EMAIL PROTECTED]> containing the line:

    subscribe keynote-users

-matt