Abstract
Authentication services provided by Public Key Infrastructures (PKI) do not satisfy the needs of many e-commerce applications. These applications also require authorization services so that users can prove what they are allowed to do. Attribute certificates have changed the way in which the authorization problem has been considered until now, and Privilege Management Infrastructures (PMI) provide the necessary support for wide use of those certificates. Although the two types of infrastructure, PKIs and PMIs, are related, they can operate autonomously. This fact is especially interesting for companies that have decided, or will decide, to outsource PKI services. However, outsourcing PMI services is not a good option for many companies because the information contained in attribute certificates is sometimes confidential. Attribute certificates must therefore be managed very carefully and, preferably, only inside the company. In this paper we present a new PMI design that is especially suited to companies that outsource PKI services but still need to manage the PMI internally. The scheme provides additional advantages that satisfy the needs of intra-company attribute certification, and eliminates some of the problems associated with revocation procedures.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dawson, E., Lopez, J., Montenegro, J.A., Okamoto, E. (2002). A New Design of Privilege Management Infrastructure for Organizations Using Outsourced PKI. In: Chan, A.H., Gligor, V. (eds) Information Security. ISC 2002. Lecture Notes in Computer Science, vol 2433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45811-5_10
DOI: https://doi.org/10.1007/3-540-45811-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44270-7
Online ISBN: 978-3-540-45811-1
eBook Packages: Springer Book Archive