Abstract
This work introduces a particular implementation of the X.509 Attribute Certificate framework (Xac), presented in the ITU-T Recommendation. The implementation is based on the use of the Openssl library, that we have chosen for its advantages in comparison with other libraries. The paper also describes how the implementation is middleware-oriented, focusing on the delegation model specified by ITU-T proposal, and taking into consideration the ETSI report about Xac.
This work has been partially supported by the Spanish Ministry of Science and Technology under the Project TIC2003-08184-C02-01
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Chadwick, D.: An X.509 Role-based Privilege Management Infrastructure. Business Briefing: Global Infosecurity (2002)
Chadwick, D., Sahalayev, M.: Internet X.509 Public Key Infrastructure LDAP Schema for X.509 Attribute Certificates, draft-ietf-pkix-ldap-ac-schema-00.txt
Covell, C., Bell, M.: OpenCA Guides for 0.9.2+, http://www.openca.org
Ellison, C., et al.: SPKI Certificate Theory. Request for Comments 2693, IETF SPKI Working Group (September 1999)
Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization. Request for Comments 3281, IETF PKIX Working Group (April 2002)
ITU-T Recommendation X.509. Information Technology - Open systems interconnection - The Directory: Authentication Framework (June 1997)
ITU-T Recommendation X.509. Information Technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks (March 2000)
Kaliski, B.: A Layman’s Guide to a Subset of ASN.1, BER, and DER (November 1993)
Parker, T., Pinkas, D.: Sesame v4 Overview, Issue 1 (December 1995)
Vollbrecht, J., Calhoun, P., Farrell, S., et al.: RFC 2904: AAA Authorization Framework (August 2000)
Sanin, A.: XML Security Library Tutorial, http://www.aleksey.com/xmlsec/
Thompson, M.R., Essiari, A., Mudumbai, S.: Certificate-based Authorization Policy in a PKI Environment. TISSEC (2003)
Wahl, M.: RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3 (December 1997)
ETSI TS 102 158. Electronic Signatures and Infrastructures (ESI); Policy requirements for Certification Service Providers issuing attribute certificates usable with Qualified certificates, V1.1.1 (October 2003)
Kerberos: The NetworkAuthentication Protocol, http://web.mit.edu/kerberos/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Montenegro, J.A., Moya, F. (2004). A Practical Approach of X.509 Attribute Certificate Framework as Support to Obtain Privilege Delegation. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-25980-0_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22216-3
Online ISBN: 978-3-540-25980-0
eBook Packages: Springer Book Archive