Skip to main content
SpringerLink
Log in

A Practical Approach of X.509 Attribute Certificate Framework as Support to Obtain Privilege Delegation

  • Conference paper
Public Key Infrastructure (EuroPKI 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3093))

Included in the following conference series:

Abstract

This work introduces a particular implementation of the X.509 Attribute Certificate framework (Xac), presented in the ITU-T Recommendation. The implementation is based on the use of the Openssl library, that we have chosen for its advantages in comparison with other libraries. The paper also describes how the implementation is middleware-oriented, focusing on the delegation model specified by ITU-T proposal, and taking into consideration the ETSI report about Xac.

This work has been partially supported by the Spanish Ministry of Science and Technology under the Project TIC2003-08184-C02-01

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Chadwick, D.: An X.509 Role-based Privilege Management Infrastructure. Business Briefing: Global Infosecurity (2002)

    Google Scholar 

  2. Chadwick, D., Sahalayev, M.: Internet X.509 Public Key Infrastructure LDAP Schema for X.509 Attribute Certificates, draft-ietf-pkix-ldap-ac-schema-00.txt

    Google Scholar 

  3. Covell, C., Bell, M.: OpenCA Guides for 0.9.2+, http://www.openca.org

  4. Ellison, C., et al.: SPKI Certificate Theory. Request for Comments 2693, IETF SPKI Working Group (September 1999)

    Google Scholar 

  5. Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization. Request for Comments 3281, IETF PKIX Working Group (April 2002)

    Google Scholar 

  6. ITU-T Recommendation X.509. Information Technology - Open systems interconnection - The Directory: Authentication Framework (June 1997)

    Google Scholar 

  7. ITU-T Recommendation X.509. Information Technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks (March 2000)

    Google Scholar 

  8. Kaliski, B.: A Layman’s Guide to a Subset of ASN.1, BER, and DER (November 1993)

    Google Scholar 

  9. Parker, T., Pinkas, D.: Sesame v4 Overview, Issue 1 (December 1995)

    Google Scholar 

  10. Vollbrecht, J., Calhoun, P., Farrell, S., et al.: RFC 2904: AAA Authorization Framework (August 2000)

    Google Scholar 

  11. Sanin, A.: XML Security Library Tutorial, http://www.aleksey.com/xmlsec/

  12. Thompson, M.R., Essiari, A., Mudumbai, S.: Certificate-based Authorization Policy in a PKI Environment. TISSEC (2003)

    Google Scholar 

  13. Wahl, M.: RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3 (December 1997)

    Google Scholar 

  14. ETSI TS 102 158. Electronic Signatures and Infrastructures (ESI); Policy requirements for Certification Service Providers issuing attribute certificates usable with Qualified certificates, V1.1.1 (October 2003)

    Google Scholar 

  15. http://www.apache-ssl.org/

  16. http://www.openssh.com/

  17. http://www.opera.com/

  18. Kerberos: The NetworkAuthentication Protocol, http://web.mit.edu/kerberos/

  19. http://www.columbia.edu/ariel/ssleay/

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, E.T.S. Ingenieria Informatica, Universidad de Malaga, Spain

    Jose A. Montenegro & Fernando Moya

Authors
  1. Jose A. Montenegro
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fernando Moya
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Technology Education and Digital Systems, University of Piraeus, 150 Androutsou St., GR-18532, Pireaus, Greece

    Sokratis K. Katsikas

  2. Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece

    Stefanos Gritzalis

  3. Department of Information and Communication Technologies, University of A Coruña, Spain

    Javier López

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Montenegro, J.A., Moya, F. (2004). A Practical Approach of X.509 Attribute Certificate Framework as Support to Obtain Privilege Delegation. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-25980-0_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22216-3

  • Online ISBN: 978-3-540-25980-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation