Collaboration among independent administrative domains would require: i) confidentiality, integrity, non-repudiation of communication between the domains; ii) minimum and reversible modifications to the intra-domain pre-collaboration setup; iii) maintain functional autonomy while collaborating; and, iv) ability to quickly transform from post-collaboration to pre-collaboration stage. In this paper, we put forward our mechanism that satisfies above requirements while staying within industry standards so that the mechanism becomes practical and deployable. Our approach is based on X.509 certificate extension. We have designed a non-critical extension capturing users' rights in such a unique way that the need for collaboration or the post-collaboration stage does not require update of the certificate. Thus, greatly reducing the revocation costs and size of CRLs. Furthermore, rights amplification and degradation of users from collaborating domains into host domain can be easily performed. Thus, providing functional autonomy to collaborators. Initiation of collaboration among two domains require issuance of one certificate from each domain and revocation of these certificates ends the collaboration - ease of manageability. © 2010 Springer-Verlag.
Resource management with X.509 inter-domain authorization certificates (InterAC) / Patil, V.; Gasti, P.; Mancini, L.; Chiola, G.. - 6391:(2010), pp. 34-50. (Intervento presentato al convegno 6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009 tenutosi a Pisa, ita) [10.1007/978-3-642-16441-5_3].
Resource management with X.509 inter-domain authorization certificates (InterAC)
Mancini L.;
2010
Abstract
Collaboration among independent administrative domains would require: i) confidentiality, integrity, non-repudiation of communication between the domains; ii) minimum and reversible modifications to the intra-domain pre-collaboration setup; iii) maintain functional autonomy while collaborating; and, iv) ability to quickly transform from post-collaboration to pre-collaboration stage. In this paper, we put forward our mechanism that satisfies above requirements while staying within industry standards so that the mechanism becomes practical and deployable. Our approach is based on X.509 certificate extension. We have designed a non-critical extension capturing users' rights in such a unique way that the need for collaboration or the post-collaboration stage does not require update of the certificate. Thus, greatly reducing the revocation costs and size of CRLs. Furthermore, rights amplification and degradation of users from collaborating domains into host domain can be easily performed. Thus, providing functional autonomy to collaborators. Initiation of collaboration among two domains require issuance of one certificate from each domain and revocation of these certificates ends the collaboration - ease of manageability. © 2010 Springer-Verlag.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
