Managing Interoperability in Non-Hierarchical Public Key Infrastructures
Abstract
This paper discusses considerations for certificate issuing systems, certificate processing applications, and directory systems in environments that employ non-hierarchical public key infrastructures (PKIs). The observations and recommendations here, while applicable to almost any non-hierarchical PKI, are most relevant to situations where the establishment of interoperability among the PKIs of disparate organizations is a primary goal. They are based on our work with a PKI interoperability testbed comprised of a bridge certification authority (CA) interconnecting multiple PKIs based on CA products from several vendors. Our view is that the more sophisticated aspects of X.509 certificate issuance and processing (e.g., certificate policies and mappings, name constraints) are tools that allow the PKI to establish the limits of security interoperability between organizations [1]. Consequently, we believe that the extensions for these X.509 features should be routinely populated by certificate issuing systems, and expected and processed by certificate processing applications. The goal of the recommendations herein is to promote interoperability among the PKI relying parties, while still allowing the owning organizations to maintain security control.
Similar resources
Public Key Infrastructure Security and Interoperability Testing and Evaluation
Public Key Infrastructures (PKIs) are currently being deployed in increasing sizes, numbers, fast changing technologies, and varying environments but our operational experience to date has been limited to a relatively small scale and small number of environments. Consequently, some open technical and environmental interoperability problems about the ways in which PKIs will be organized and oper...
Towards an Integrated Model of Interoperability for Spatial Data Infrastructures
Although there is a vast literature available on interoperability models, and their respective interoperability levels, limited research has been carried out on the development of interoperability models for the implementation of Spatial Data Infrastructures. This article demonstrates the important role of metadata elements in the formalisation of interoperability models for the implementation ...
An interoperability system for authentication and authorisation in VANETs
Vehicular ad hoc networks (VANETs) have evolved considerably over the last years, but despite the wide number of potential applications, VANETs also raise a broad range of critical security and privacy challenges. To achieve privacy, VANETs enforce the concepts of authentication and authorisation via public key infrastructures, relying on a large set of regional certification authorities with e...
The Key Authority - Secure Key Management in Hierarchical Public Key Infrastructures
We model a private key’s life cycle as a finite state machine. The states are the key’s phases of life and the transition functions describe tasks to be done with the key. Based on this we define and describe the key authority, a trust center module, which potentiates the easy enforcement of secure management of private keys in hierarchical public key infrastructures. This is done by assembling...
0 Changing Focus on Interoperability in Information Systems: from System, Syntax, Structure to Semantics
Interoperability has been a basic requirement for the modern information systems environment for over two decades. How have key requirements for interoperability changed over that time? How can we understand the full scope of interoperability issues? What has shaped research on information system interoperability? What key progress has been made? This chapter provides some of the answers to the...