Collaboration among independent administrative domains would require: i) confidentiality, integrity, and non-repudiation of communication between the domains; ii) minimum and reversible modifications to the intra-domain pre-collaboration setup; iii) maintaining functional autonomy while collaborating; and iv) the ability to quickly transform from the post-collaboration to the pre-collaboration stage. In this paper, we put forward our mechanism that satisfies the above requirements while staying within industry standards, so that the mechanism becomes practical and deployable. Our approach is based on an X.509 certificate extension. We have designed a non-critical extension capturing users' rights in such a unique way that neither the need for collaboration nor the post-collaboration stage requires an update of the certificate, thus greatly reducing the revocation costs and the size of CRLs. Furthermore, rights amplification and degradation of users from collaborating domains into the host domain can be easily performed, thus providing functional autonomy to collaborators. Initiation of collaboration between two domains requires issuance of one certificate from each domain, and revocation of these certificates ends the collaboration, giving ease of manageability. © 2010 Springer-Verlag.

Resource management with X.509 inter-domain authorization certificates (InterAC) / Patil, V.; Gasti, P.; Mancini, L.; Chiola, G. - 6391:(2010), pp. 34-50. (Paper presented at the 6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009, held in Pisa, Italy) [10.1007/978-3-642-16441-5_3].

Resource management with X.509 inter-domain authorization certificates (InterAC)

Mancini L.;
2010

6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009
access control; collaboration; inter-domain authorization; manageability; PKI
04 Publication in conference proceedings::04b Conference paper in volume

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1527136