The setting is one with a file repository (called FR) that manages replication and concurrency control of files [14]. FR has been designed to support users with a variety of equipment, ranging from PDAs to workstations. FR is the research vehicle used to investigate the thesis that users should be involved at the places in a system where decisions (either implicit or explicit) are made. In particular, in a system with PDAs disconnection will be common and consistency problems occur frequently; FR has been designed to allow users to deal with them in any way they choose.
Along the same line of thought: Why should users be forced to contact FR simply to generate a delegation certificate? Stated differently: Is delegation only possible when there is connectivity? Systems that are constructed so that principals must be on line for delegation to take place, effectively exclude PDAs. How to delegate authority without connectivity is the theme central to offline delegation.
In FR, users are represented as principals by their public keys. Consequently, all communication channels can be authenticated for integrity and encrypted for privacy. An integrated part of FRīs design is that authority over files can be delegated freely. More specifically, a delegation certificate names a file and a user, together with an access right (read, write or both), and the time of creation (of the certificate) and when it will expire. The syntax and semantics of delegation certificates are discussed in detail below.
Making offline delegation possible requires that two problems are solved. First, one must be able to generate a valid certificate by means of a PDA without having access to FR. Second, it must be possible to convey the certificate verbally; without a computer network messages must be sent by means of the communication channel that is available; that is, by means of human speach. This constraint rules out every binary representation of certificates in so far that it is unlikely that anyone will be able or willing to read hundreds of digits over the phone. Similar arguments also rule out the use of digital signature schemes relying on long signatures (RSA, for example, with 1024-2048 signature bits).
The following sections describe both the cryptographic techniques and the tools required in order to construct a practical solution to the problems described above.