Certificate-based authorization policy in a PKI environment-Reference-Cited by-同舟云学术

Certificate-based authorization policy in a PKI environment

Published:2003-11 Issue:4 Volume:6 Page:566-588
ISSN:1094-9224
Container-title:ACM Transactions on Information and System Security
language:en
Short-container-title:ACM Trans. Inf. Syst. Secur.

Author:

Thompson Mary R.¹,Essiari Abdelilah¹,Mudumbai Srilekha¹

Affiliation:

1. Lawrence Berkeley National Laboratory, Berkeley, CA

Abstract

The major emphasis of public key infrastructure has been to provide a cryptographically secure means of authenticating identities. However, procedures for authorizing the holders of these identities to perform specific actions still need additional research and development. While there are a number of proposed standards for authorization structures and protocols such as KeyNote, SPKI, and SAML based on X.509 or other key-based identities, none have been widely adopted. As part of an effort to use X.509 identities to provide authorization in highly distributed environments, we have developed and deployed an authorization service based on X.509 identified users and access policy contained in certificates signed by X.509 identified stakeholders. The major goal of this system, called Akenti, is to produce a usable authorization system for an environment consisting of distributed resources used by geographically and administratively distributed users. Akenti assumes communication between users and resources over a secure protocol such as transport layer security (TLS) to provide mutual authentication with X.509 certificates. This paper explains the authorization model and policy language used by Akenti, and how we have implemented an Apache authorization module to provide Akenti authorization.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/950191.950196

Reference44 articles.

1. The reality of collaboratories;Agarwal D. A.;Computer Physics Communications,1998

2. Akenti.xsd. 2003. Akenti certificate schema. http://www-itg.lbl.gov/Akenti/docs/AkentiCertificate. xsd.]] Akenti.xsd. 2003. Akenti certificate schema. http://www-itg.lbl.gov/Akenti/docs/AkentiCertificate. xsd.]]

3. Alfieri R. Cecchini R. Ciaschini V. Dell'Agnello L. Frohner A. Gianoli A. Lorentey K. and Spataro F. 2003. VOMS an authorization system for virtual organizations Presented at the 1st European Across Grids Conference Santiago de Compostela February 13--14 2003.]] Alfieri R. Cecchini R. Ciaschini V. Dell'Agnello L. Frohner A. Gianoli A. Lorentey K. and Spataro F. 2003. VOMS an authorization system for virtual organizations Presented at the 1st European Across Grids Conference Santiago de Compostela February 13--14 2003.]]

4. Apache. 2002a. Apache software foundation. http://www.apache.org.]] Apache. 2002a. Apache software foundation. http://www.apache.org.]]

5. Apache. 2002b. Apache module registry. http://modules.apache.org/.]] Apache. 2002b. Apache module registry. http://modules.apache.org/.]]

Cited by 111 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Revocable certificateless Provable Data Possession with identity privacy in cloud storage;Computer Standards & Interfaces;2024-08

2. Sparse Polynomial Multiplication-Based High-Performance Hardware Implementation for CRYSTALS-Dilithium;2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST);2024-05-06

3. Heterogeneous Fault-Tolerant Aggregate Signcryption with Equality Test for Vehicular Sensor Networks;Computer Modeling in Engineering & Sciences;2023

4. Classification-Based Anomaly Prediction in XACML Policies;Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering;2023

5. Awareness Level Analysis of Public Key Infrastructure Security;2022 5th International Conference on Contemporary Computing and Informatics (IC3I);2022-12-14