A Distributed Certificate Management System (DCMS) Supporting Group-Based Access Controls

Authors

  • Rolf Oppliger
  • Andreas Greulich
  • Peter Trachsel
Abstract

Mainly for scalability reasons, many cryptographic security protocols make use of public key cryptography and require the existence of a corresponding public key infrastructure (PKI). A PKI, in turn, consists of one or several certification authorities (CAs) that issue and revoke certificates for users and other CAs. Contrary to its conceptual simplicity, the establishment and operational maintenance of a CA or PKI has turned out to be difficult in practice. As a viable alternative, this paper proposes an architecture for a distributed certificate management system (DCMS) that can also be used to provide support for group-based access controls. The architecture has been prototyped and is being used by the Swiss Federal Strategy Unit for Information Technology (FSUIT) to protect access to intranet re-

Similar resources

Certificate Based Authorization Simulation System

Using certificates for distributed authorizations in computer network systems has been discussed in the literature. However real implementations of the concept are rarely seen. In our certificate based authorization simulation system (CBASS) project, we prototyped a computer system including some of the emulated functions of an operating system such as machine, user and file management, and emu...

Electronic Credential based Security Management in Decentralized Computing Environment

Role Based Access Control (RBAC) and Access Control List (ACL) are the most commonly adopted access control mechanisms in traditional centralized computing environment. Nowadays people frequently work in a highly dynamic and distributed computing environment, in which two or more heterogeneous systems do not share the same security domain. Traditional access control mechanisms that require pre-...

Efficient Verification of Delegation in Distributed Group Membership Management

In ad-hoc networks and other highly distributed and decentralized environments, authorization certificates can be used to control access. Moreover, it is possible to delegate rights listed in the certificate to other users. Several such subsequent delegations build a chain of certificates. Chains of delegation certificates can improve the capability and manageability of systems. Distributed g...

Decentralized Resource Management for a Distributed Continuous Media Server

Distributed continuous media server (DCMS) architectures are proposed to minimize the communication-storage cost for those continuous media applications that serve a large number of geographically distributed clients. Typically, a DCMS is designed as a pure hierarchy (tree) of centralized continuous media servers. In an earlier work, we proposed a redundant hierarchical topology for DCMS networ...

1st Annual PKI Research Workshop---Proceedings

In a distributed system, using authorisation certificate based access control tends to facilitate the granting of rights. On the other hand, the problems of limiting usage or revoking the rights become more difficult, as the issuer of the right is no longer in control of the issued certificate. In this paper we take a look at the role of certificates in access control, evaluate the technical me...

Publication date: 1999