Title
A computational framework for certificate policy operations
Abstract
The trustworthiness of any Public Key Infrastructure (PKI) rests upon the expectations for trust, and the degree to which those expectations are met. Policies, whether implicit as in PGP and SDSI/SPKI or explicitly required as in X.509, document expectations for trust in a PKI. The widespread use of X.509 in the context of global e-Science infrastructures, financial institutions, and the U.S. Federal government demands efficient, transparent, and reproducible policy decisions. Since current manual processes fall short of these goals, we designed, built, and tested computational tools to process the citation schemes of X.509 certificate policies defined in RFC 2527 and RFC 3647. Our PKI Policy Repository, PolicyBuilder, and PolicyReporter improve the consistency of certificate policy operations as actually practiced in compliance audits, grid accreditation, and policy mapping for bridging PKIs. Anecdotal and experimental evaluation of our tools on real-world tasks establishes their actual utility and suggests how machine-actionable policy might empower individuals to make informed trust decisions in the future.
Year
2009
DOI
10.1007/978-3-642-16441-5_2
Venue
EuroPKI
Keywords
machine-actionable policy, u.s. federal government demand, computational framework, trust decision, pki policy repository, actual utility, reproducible policy decision, policy mapping, public key infrastructure, certificate policy operation, certificate policy, xml, pki
Field
Public key infrastructure, Certificate policy, Audit, XML, Computer security, Computer science, Accreditation, Grid, Government, Certificate
DocType
Conference
Volume
6391
ISSN
0302-9743
ISBN
3-642-16440-4
Citations
5
PageRank
0.49
References
12
Authors
3
Name                Order  Citations  PageRank
Gabriel A. Weaver   1      15         3.03
Scott A. Rea        2      22         2.97
Sean W. Smith       3      1240       205.10