Skip to main content
Kent Academic Repository

The X.509 Privilege Management Infrastructure

Chadwick, David W. (2004) The X.509 Privilege Management Infrastructure. In: Jerman-Blazic, B. and Schneider, W.S. and Klobucar, T., eds. Security and Privacy in Advanced Networking Technologies. NATO Science Series: Computer & Systems Sciences, 193 . IOS Press, Amsterdam, pp. 15-25. ISBN 978-1-58603-430-6. (KAR id:14042)


This paper provides an overview of the Privilege Management Infrastructure (PMI) introduced in the 2000 edition of X.509. It describes the entities in the infrastructure: Sources of Authority, Attribute Authorities and Privilege Holders, as well as the basic data structure - the attribute certificate - that is used to hold privileges. The contents of attribute certificates are described in detail, including the various policy related extensions that may be added to them. The similarities between PMIs and PKIs are highlighted. The paper also describes how attribute certificates can be used to implement the three well known access control schemes: DAC, MAC and RBAC. Finally the paper gives an overview of how a privilege verifier might operate, and the various types of information that need to be provided to it.

Item Type: Book section
Additional information: Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking, Bled, Slovenia, 15-18 September 2003.
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:01 UTC
Last Modified: 16 Nov 2021 09:52 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.