SPX is a reference implementation of an open distributed
authentication service architecture based on ISO Standard 9594\2558/CCITT
X.509 Directory Public Key Certificates and hierarchically organized
Certification Authorities.  SPX manages the end system state and provides
the run\255time environment enabling applications to mutually
authenticate on the basis of a global principal identity.  SPX scales
well in that it does not require online trusted components, and permits
management of global trust relationship policy in arbitrarily large
distributed environments.  Conceptual, component and protocol
descriptions are provided.

	SPX is a portable, self contained implementation of a distributed
authentication service intended for open (TCP/IP) network environments.
SPX is specifically designed to deal with distributed management of trust
relationships in arbitrarily large networks with multiple, mutually
suspicious jurisdictional authorities, and to scale well without the need
for on line, globally trusted authorities.  SPX shares many concepts and
data structures in common with ISO/CCITT X.509 Directory Authentication
and Internet Privacy Enhanced mail including use of the same public key
technology and certificate infrastructure, but operates independently of
either of these applications.

SPX represents an initial subset implementation of a larger security
architecture that encompasses both authentication and a number of other
security facilities.  (This architecture has been partially described in
Gasser et. al.)