A computational framework for certificate policy operations

Gabriel A. Weaver, Scott Rea, Sean W. Smith

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

8 Scopus citations

Abstract

The trustworthiness of any Public Key Infrastructure (PKI) rests upon the expectations for trust, and the degree to which those expectations are met. Policies, whether implicit as in PGP and SDSI/SPKI or explicitly required as in X.509, document expectations for trust in a PKI. The widespread use of X.509 in the context of global e-Science infrastructures, financial institutions, and the U.S. Federal government demands efficient, transparent, and reproducible policy decisions. Since current manual processes fall short of these goals, we designed, built, and tested computational tools to process the citation schemes of X.509 certificate policies defined in RFC 2527 and RFC 3647. Our PKI Policy Repository, PolicyBuilder, and PolicyReporter improve the consistency of certificate policy operations as actually practiced in compliance audits, grid accreditation, and policy mapping for bridging PKIs. Anecdotal and experimental evaluation of our tools on real-world tasks establishes their actual utility and suggests how machine-actionable policy might empower individuals to make informed trust decisions in the future.

Original language: English
Title of host publication: Public Key Infrastructures, Services and Applications - 6th European Workshop, EuroPKI 2009, Revised Selected Papers
Pages: 17-33
Number of pages: 17
State: Published - 2010
Externally published: Yes
Event: 6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009 - Pisa, Italy
Duration: Sep 10 2009 to Sep 11 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6391 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 6th European Workshop on Public Key Services, Applications and Infrastructures, EuroPKI 2009
Country/Territory: Italy
City: Pisa
Period: 09/10/09 to 09/11/09

Keywords

  • Certificate Policy Formalization
  • PKI
  • XML
