Preliminary steps in designing and implementing a privilege verifier for PMI

by   Diana Berbecaru, et al.

We have designed and deployed a system that uses X.509 public-key certificates (PKC) and attribute certificates (AC) for access control. This includes an authorization service for on-line environments where clients are identified by X.509 PKCs and their privileges are expressed with X.509 ACs. During a request to a protected resource, a privilege verifier decides if the user satisfies all the requirements to get access to the controlled resource. In this paper we focus on the steps to be performed by the privilege verifier, which is the entity in charge of validating both the PKCs and the ACs involved. The validation of PKCs and of ACs are two separate tasks but they are closely related. In our system we have identified two distinct entities: the privilege verifier whose task is to validate ACs, and the certificate validation server, whose task is to validate the PKCs. The validation of PKC is more complex, and it thus can be implemented and provided as a service by a dedicated authority, named Validation Authority. This paper describes the model, architecture and implementation of this system. It also includes some preliminary measurements and our future plans for the development of the system.


page 1

page 2

page 3

page 4


Towards Simplifying PKI Implementation: Client-Server based Validation of Public Key Certificates

With real-time certificate validation checking, a public-key-using syste...

Towards Anthropo-inspired Computational Systems: the P^3 Model

This paper proposes a model which aim is providing a more coherent frame...

A Community-Driven Validation Service for Standard Medical Imaging Objects

Digital medical imaging laboratories contain many distinct types of equi...

Design and Experimental Validation of a Software-Defined Radio Access Network Testbed with Slicing Support

Network slicing is a fundamental feature of 5G systems to partition a si...

Modeling and verification method for an early validation of a train system

This paper presents the results achieved while pursuing the verification...

Blade: A Blockchain-supported Architecture for Decentralized Services

Decentralized services and applications provide a multitude of advantage...

Smart Ticket Protection: An Architecture for Cyber-Protecting Physical Tickets Using Digitally Signed Random Pattern Markers

In order to counter forgeries of tickets for public transport or mass ev...