Review and Revocation of Access Privileges Distributed with PKI Certificates (Transcript of Discussion)
Abstract
Public-key infrastructures (PKIs) that support both identity certificates and access control (e.g., attribute, delegation) certificates are increasingly common. We argue that these PKIs must also support revocation and review policies that are typical of more traditional access control systems; e.g., selective and transitive certificate revocation, and per-object access review. Further, we show that PKIs that eliminate identity certificates, such as the SPKI, resolve only selective revocation problems and, at the same time, make access review more complex.
Similar resources
Revocation in the privilege calculus
We have previously presented a framework for updating privileges and creating management structures by means of authority certificates. These are used both to create access-level permissions and to delegate authority to other agents. In this paper we extend the framework to support a richer set of revocation schemes. As in the original, we present an associated calculus of privileges, encoded a...
Revocation Schemes for Delegated Authorities
We have previously presented a framework for updating privileges and creating management structures by means of authority certificates. These are used both to create access-level permissions and to delegate authority to other agents. In this paper we extend the framework to support a richer set of revocation schemes. As in the original, we present an associated calculus of privileges, encoded a...
Distributed Storage and Revocation in Digital Certificate Databases
Public-key cryptography is fast becoming the foundation for those applications that require security and authentication in open networks. But the widespread use of a global public-key cryptosystem requires that public-key certificates are always available and up-to-date. Problems associated to digital certificates management, like storage, retrieval, maintenance, and, specially, revocation, req...
Secure Protocol of ABAC Certificates Revocation and Delegation
This paper deals with the maintenance of PKI certificates for Attribute Based Access Control (ABAC). We show that the current standard has several problems in different revocation and delegation processes. This may lead to a security hole allowing usage of ABAC certificates, when it was revoked or transferred. As a solution we suggest architecture changes that allow to perform revocation and ...
CHECK THE DATE: Reader Revocation in PKI-Based RFID Systems
One prominent open problem with RFID tags that support public key cryptography is revocation of reader certificates. This is an important issue considering that high-end RFID tags are geared for public key applications such as e-documents and contactless payment instruments. Furthermore, the problem is unique to public key-based RFID systems, since tags have no clock and thus cannot use traditio...