Abstract
One of the most important components in e-conimerce systems is the validation of digital signatures, which implies the validation of certificates in order to check the validity status of the certificates used to create a signature. Nowadays, several mechanisms to accomplish this process exist, but there is no agreement with which particular mechanism should be ued in each scenario. On the other hand, infrastructures based on web services are widely spread due to their several advantages, so it is necessary to adapt the existing services to the new frameworks. There already exists a proposal for a digital signature web service, but there is not any for certificate validation. In this paper we propose a validation service which considers the existing validation certificate mechanisms, that is, it is not restricted to use only a particular protocol, with the aim of satisfying different domains in a homogeneous way, keeping the validation process under client control.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cantor, Scott; Kemp, John; Philpott, Rob and Maler, Eve: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. In: OASIS Security Services (SAML) TC, 2005.
Drees, Stefan: Digital Signature Service Core Protocols, Elements, and Bindings. In: OASIS DSS TC, 2006.
ETSI, XML Advanced Electronic Signatures (XAdES). ETSI TS 101 933.
Freeman, T.; Hously, R.; Malpani, A.; Cooper, D. and Polk, T.: “Simple Certificate Validation Protocol (SCVP)”, IETF RFC. 2005.
Meyers, M.; Ankney, R.; Malpani, A.; Galperin, S. and Adams: “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP”, IETF RFC 2560, 1999.
PKI Forum, “Understanding Certification Path Construction”, September 2002.
Housley, R., Polk, W., Ford, W., Solo, D., “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile”, IETF RFC 3280, April 2002.
Adams, C., Sylvester, P., Zolotarev, M., Zuccherato, R., “Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocol”, IETF RFC 3029, February 2001.
Pinkas, D., Housley, R., “Delegated Path Validation and Delegated Path Discovery Protocol Requirements”, IETF RFC 3379, September 2002.
Berbecaru, D., Lioy, A., “Towards Simplifying PKI Implementation: ClientServer based Validation of Public Key Certificates”. 2002
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2006 Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Ruiz-MartInez, A., Sanchez-Martínez, D., Inmaculada Marín-López, C., Gömez-Skarmeta, A.F. (2006). Advanced certificate validation service for secure Service-Oriented Architectures. In: ISSE 2006 — Securing Electronic Busines Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_24
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9195-2_24
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0213-2
Online ISBN: 978-3-8348-9195-2
eBook Packages: Computer ScienceComputer Science (R0)