Chadwick, David W. (2004) The X.509 Privilege Management Infrastructure. In: Jerman-Blazic, B. and Schneider, W.S. and Klobucar, T., eds. Security and Privacy in Advanced Networking Technologies. NATO Science Series: Computer & Systems Sciences, 193 . IOS Press, Amsterdam, pp. 15-25. ISBN 978-1-58603-430-6. (KAR id:14042)
PDF
Language: English |
|
Download this file (PDF/159kB) |
|
Request a format suitable for use with assistive technology e.g. a screenreader |
Abstract
This paper provides an overview of the Privilege Management Infrastructure (PMI) introduced in the 2000 edition of X.509. It describes the entities in the infrastructure: Sources of Authority, Attribute Authorities and Privilege Holders, as well as the basic data structure - the attribute certificate - that is used to hold privileges. The contents of attribute certificates are described in detail, including the various policy related extensions that may be added to them. The similarities between PMIs and PKIs are highlighted. The paper also describes how attribute certificates can be used to implement the three well known access control schemes: DAC, MAC and RBAC. Finally the paper gives an overview of how a privilege verifier might operate, and the various types of information that need to be provided to it.
Item Type: | Book section |
---|---|
Additional information: | Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking, Bled, Slovenia, 15-18 September 2003. |
Subjects: | Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Mark Wheadon |
Date Deposited: | 24 Nov 2008 18:01 UTC |
Last Modified: | 05 Nov 2024 09:48 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/14042 (The current URI for this page, for reference purposes) |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):