Modeling X.509 Certificate Policies Using Description Logics
نویسنده
چکیده
Public Key Infrastructures are gaining importance in today's IT environment for managing certificates and keys. It is recognized, that the quality and trustworthiness of certificates depend to a large extend on the practices and procedures a certification authority applies when issuing certificates. These procedures are documented in certificate policies, which are generally text-based documents and therefore cannot be processed by machines. This paper describes a framework based on description logics that addresses this situation. Subsumption will be used to compare policies. Based on a case study of modeling real policies some features of this framework will be described. Learnings and an outlook of future work conclude this paper.
منابع مشابه
Internet - Draft Ldap X
This document describes schema for representing X.509 certificates, X.521 security information, and related elements in directories accessible using the Lightweight Directory Access Protocol (LDAP). The LDAP definitions for these X.509 and X.521 schema elements replaces those provided in RFC 2252 and RFC 2256. 1. Background and Intended Use This document provides LDAP [Roadmap] schema definitio...
متن کاملExpires in six months 11 February 2005
This document describes schema for representing X.509 certificates, X.521 security information, and related elements in directories accessible using the Lightweight Directory Access Protocol (LDAP). The LDAP definitions for these X.509 and X.521 schema elements replaces those provided in RFC 2252 and RFC 2256. 1. Background and Intended Use This document provides LDAP [Roadmap] schema definitio...
متن کاملA Computational Framework for Certificate Policy Operations
The trustworthiness of any Public Key Infrastructure (PKI) rests upon the expectations for trust, and the degree to which those expectations are met. Policies, whether implicit as in PGP and SDSI/SPKI or explicitly required as in X.509, document expectations for trust in a PKI. The widespread use of X.509 in the context of global e-Science infrastructures, financial institutions, and the U.S. F...
متن کاملManaging Interoperability in Non-Hierarchical Public Key Infrastructures
This paper discusses considerations for certificate issuing systems and certificate processing applications, and directory systems in environments that employ nonhierarchical public key infrastructures (PKIs). The observations and recommendations here, while applicable to almost any non-hierarchical PKI, are most relevant to situations where the establishment of interoperability among the PKIs ...
متن کاملSecure Authentication in Group Communications Using Media Access Control (MAC) Address
We propose adding users’ Media Access Control (MAC) addresses to standard X.509 certificates to provide more secure authentication. Recent patents demonstrate efforts on a X.509 certificate by adding security features in order to establish secure communications. The MAC address can be added by the issuing Certification Authority (CA) to the “extensions” section of the X.509 certificate. We demo...
متن کامل