A Java API for X.509 Proxy Certificates
Authors
John Gilbert, Russell Perry (Hewlett Packard Laboratories, Bristol, UK)
Abstract
X.509 Proxy Certificates have been proposed for use in the Grid Security Infrastructure to allow dynamic delegation of rights and single sign-on for end users. We have evaluated proxy certificates to secure a service-oriented architecture for digital content based on Web Services. We describe how support for proxy certificates was implemented in Java through extensions to the Java Cryptography API and related security APIs. The principal challenges involved providing control over which proxy certificate to use per SSL connection, validating proxy certificate chains and supporting runtime generation of proxy certificates.
External Posting Date: July 6, 2008. Internal Posting Date: July 6, 2008. Approved for External Publication. © Copyright 2008 Hewlett-Packard Development Company, L.P.
Similar resources
RBAC Policies in XML for X.509 Based Privilege Management
This paper describes a role based access control policy template for use by privilege management infrastructures where the roles are stored as X.509 Attribute Certificates in an LDAP directory. There is a brief description of the X.509 privilege management model, and how it can be used to implement RBAC. Policies that conform to the template are written in XML, and the template is specified as ...
GridCertLib: Use Shibboleth to Access the Grid from Web Portals
This paper describes the design and implementation of GridCertLib, a Java library leveraging a Shibboleth-based authentication infrastructure and the SLCS online certificate signing service, to provide short-lived X.509 certificates and Grid proxies. The main use case envisioned for GridCertLib is to provide seamless and secure access to Grid/X.509 certificates and proxies in web portals: when...
Which Certificate Authority Should LIGO Use?
LIGO wishes to remove the burden from users of requesting, retrieving, and managing X.509 digital certificates and the associated private keys. A new authentication and authorization infrastructure design includes deploying MyProxy servers at all LIGO computing sites, and storing X.509 certificates and private keys in the MyProxy repositories. Rather than generating a proxy certificate using a ...
OCSP for Grids: Compa versus Cac
Nowadays the computational Grid uses X.509 digital certificates for a wide variety of security-related tasks, ranging from user authentication to job execution’s delegation. However to ensure a comprehensive security framework such credentials need to be validated so that revoked, suspended and any other compromised certificate will not be allowed to access Grid resources. To achieve such tasks...
Analysis of the periodical payment framework using restricted proxy certificates
This paper discusses the design and implementation of a payment framework that is loosely based on the direct debit payment model. We define such payments as one in which customers can authorise merchants to bill them repeatedly for the provision of some service without further interaction with the customers being required. This paper aims to present a first working prototype of our periodical ...