Delegation Issuing Service for X . 509
نویسنده
چکیده
This paper describes the concept of a delegation issuing service (DIS), which is a service that issues X.509 attribute certificates on behalf of an attribute authority (typically a manager). The paper defines the X.509 certificate extensions that are being proposed for the 2005 edition of X.509 in order to implement the DIS concept, as well as the additional steps that a relying party will need to undertake when validating certificates issued in this way. The paper also presents our initial experiences of designing a DIS to add to the PERMIS authorization infrastructure. The paper concludes by reviewing some of the previous standards work in delegation of authority and anticipating some of the further standardization work that is still required in the field of privilege management.
منابع مشابه
Scalability Issues in PMI Delegation
The Canadian Department of National Defence (DND) is shifting its methods for the delegation and exercise of authority from paper-based to electronic-based means. DND has deployed a commercial PKI but there is no general technical solution presently employed by DND for access control or electronic authorization of workflow in distributed processing environments. The aim of this research is to s...
متن کامل1st Annual PKI Research Workshop---Proceedings
The Canadian Department of National Defence (DND) is shifting its methods for the delegation and exercise of authority from paper-based to electronic-based means. DND has deployed a commercial PKI but there is no general technical solution presently employed by DND for access control or electronic authorization of workflow in distributed processing environments. The aim of this research is to s...
متن کاملA Java API for X.509 Proxy Certificates
X.509 Proxy Certificates have been proposed for use in the Grid Security Infrastructure to allow dynamic delegation of rights and single sign-on for end users. We have evaluated proxy certificates to secure a service-oriented architecture for digital content based on Web Services. We describe how support for proxy certificates was implemented in Java through extensions to the Java Cryptography ...
متن کاملAuthentication and Delegation in Internet Aplications
The paper presents an overview of classical authentication schemes actually used on the internet. It shows that they are not suitable for an environment where Delegation is needed and presents public key cryptography as a option for the use of Delegation. It ends with some comments on X.509 and further extensions.
متن کاملA Graphical Delegation Solution for X.509 Attribute Certificates
Delegation is a major goal when a real scalable distributed authorization system is needed. However, the uncontrolled use of delegation statements can become an important security threat; for instance, any user could improperly obtain over a resource the same privileges as the owner of that resource. Therefore, delegation solutions should include a mechanism to control the delegation of privile...
متن کامل