Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6391)
Abstract
The trustworthiness of any Public Key Infrastructure (PKI) rests upon the expectations for trust, and the degree to which those expectations are met. Policies, whether implicit as in PGP and SDSI/SPKI or explicitly required as in X.509, document expectations for trust in a PKI. The widespread use of X.509 in the context of global e-Science infrastructures, financial institutions, and the U.S. Federal government demands efficient, transparent, and reproducible policy decisions. Since current manual processes fall short of these goals, we designed, built, and tested computational tools to process the citation schemes of X.509 certificate policies defined in RFC 2527 and RFC 3647. Our PKI Policy Repository, PolicyBuilder, and PolicyReporter improve the consistency of certificate policy operations as actually practiced in compliance audits, grid accreditation, and policy mapping for bridging PKIs. Anecdotal and experimental evaluation of our tools on real-world tasks establishes their actual utility and suggests how machine-actionable policy might empower individuals to make informed trust decisions in the future.
This work was supported in part by the NSF (under grant CNS-0448499), the U.S. Department of Homeland Security (under Grant Award Number 2006-CS-001-000001), and AT&T. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of any of the sponsors.
Author information
Authors and Affiliations
Dartmouth College, Hanover, NH 03755, USA
Gabriel A. Weaver, Scott Rea & Sean W. Smith
Editor information
Editors and Affiliations
National Research Council (C.N.R.), Istituto di Informatica e Telematica (IIT), Pisa Research Area, Via. G. Moruzzi 1, 56125, Pisa, Italy
Fabio Martinelli
Dept. Electrical Engineering-ESAT/COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, Bus 2446, 3001, Leuven, Belgium
Bart Preneel
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Weaver, G.A., Rea, S., Smith, S.W. (2010). A Computational Framework for Certificate Policy Operations. In: Martinelli, F., Preneel, B. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2009. Lecture Notes in Computer Science, vol 6391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16441-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16440-8
Online ISBN: 978-3-642-16441-5
eBook Packages: Computer Science, Computer Science (R0)