论文信息 - FlexiCert: merging X.509 identity certificates and attribute certificates

FlexiCert: merging X.509 identity certificates and attribute certificates

In the last few years, X.509 based identity certificates are routinely used in the Internet. Another class of certificates, the attribute certificate, has emerged in the recent past, which is used to represent and manage attributes such as access control and role permissions. We describe a new class of X.509 certificates called FlexiCert, which enables attributes to be securely and efficiently added to an identity certificate during the lifetime of the identity certificate. We describe the issues concerning attribute certificates and the advantages of merging attributes with identity certificates. We identify the advantages of FlexiCert over existing mechanisms.

Jianying Zhou | Anantharaman Lakshminarayanan

[1] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[2] Leslie Lamport,et al. Password authentication with insecure communication , 1981, CACM.

[3] Russ Housley,et al. An Internet Attribute Certificate Profile for Authorization , 2002, RFC.

[4] S. Micali,et al. NOVOMODO : Scalable Certificate Validation and Simplified PKI Management , 2002 .

[5] Joon S. Park,et al. Smart Certi cates: Extending X.509 for Secure Attribute Services on the Web , 1999 .

[6] Tim Wright,et al. Transport Layer Security (TLS) Extensions , 2003, RFC.

[7] Carlisle M. Adams,et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.