© University of Kent - Contact | Feedback | Legal | FOI | Cookies
The X.509 privilege management infrastructure
D.W. Chadwick
In Borka Jerman-Blazic, Wolfgang Schneider, and Tomaz Klobucar, editors, Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking, Bled, Slovenia, pages 182-196. IOS Press, June 2003.Abstract
This paper provides an overview of the Privilege Management Infrastructure (PMI) introduced in the 2000 edition of X.509. It describes the entities in the infrastructure: Sources of Authority, Attribute Authorities and Privilege Holders, as well as the basic data structure - the attribute certificate - that is used to hold privileges. The contents of attribute certificates are described in detail, including the various policy related extensions that may be added to them. The similarities between PMIs and PKIs are highlighted. The paper also describes how attribute certificates can be used to implement the three well known access control schemes: DAC, MAC and RBAC. Finally the paper gives an overview of how a privilege verifier might operate, and the various types of information that need to be provided to it.
Download publication 67 kbytes (PDF)Bibtex Record
@incollection{2124,
author = {D.W. Chadwick},
title = {The {X.509} Privilege Management Infrastructure},
month = {June},
year = {2003},
pages = {182-196},
keywords = {determinacy analysis, Craig interpolants},
note = {},
doi = {},
url = {http://www.cs.kent.ac.uk/pubs/2003/2124},
publication_type = {incollection},
booktitle = {Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking, Bled, Slovenia},
publisher = {IOS Press},
editor = {Borka Jerman-Blazic and Wolfgang Schneider and Tomaz Klobucar},
}