Organizations use PKIs (Public Key Infrastructures) to support internal business processes, but some businesses have industrial partnerships with others, and these alliances can exploit B2B (Business to Business) e-commerce capabilities by connecting their corporate PKIs. The paper deals with two methods to realize access control in extended-organization PKI business processes. BCAs (Bridge Certification Authorities) create a combined multi-enterprise PKI at the cost of increased complexity when evaluating the acceptability of certificates, but today’s COTS (Commercial Off-The-Shelf) products are not entirely prepared to meet the challenges of bridge-connected PKIs. The paper focuses on designing a secure access control mechanism for extended-organization PKI networks based on web services. The mechanism integrates the role-based access control of the X.509v4 PMI (Privilege Management Infrastructure) with the XML (Extensible Markup Language) security solution. The paper presents the access control mechanism and its realization technology in detail, and suggests some measures to improve the system’s running efficiency.