Abstract
We present an architecture for a relying party to manage credentials, and in particular to map different credentials into a common format and semantics. This will allow the use of simple, widely available credentials as well as more advanced credentials such as public key certificates, attribute certificates and 'negative' credentials (which result in reduced trust) such as certificate revocation lists (CRL). The core of the architecture is a Credential Manager, which collects credentials and maps them to a common format and semantics.
Author information
Authors and Affiliations
Bar-Ilan University, Israel
Amir Herzberg
IBM Haifa Research Lab, Israel
Yosi Mass
About this article
Cite this article
Herzberg, A., Mass, Y. Relying Party Credentials Framework. Electronic Commerce Research 4, 23–39 (2004). https://doi.org/10.1023/B:ELEC.0000009280.90875.05