پشتیبانی رسمی برای سیاست های مدیریت گواهینامه

Traditionally, creation and revocation of certificates are governed by policies that are carried manually, off-line, by trusted agents. This approach to certificate management is appropriate for many current applications, where these policies cannot be verified automatically (e.g. require verification of non-digital credentials). But it is expensive, time consuming and error-prone for the growing class of applications where certificate management policies can be formalized and carried out automatically. We argue that, in these cases, creation and revocation of certificates could be viewed as any other on-line service available in a system. Access to these particular service instances could be regulated much in the same manner as file access or resource allocation. This paper proposes a formulation for certification and revocation policies, and a framework for their support. In this framework, certificate management policies are enforced by generic policy engines, wrapped around certification authorities and revocation servers. The proposed framework is easy to deploy, requiring no modifications of current public-key infrastructure (PKI). Moreover, we show that this framework is quite affordable, even in its present, experimental stage.

Certificates, by which we mean digitally signed credentials of some sort, are increasingly used for authentication. This is in part due to the advent of electronic commerce which requires means for establishing trust between parties which are physically distant from each other. And it is in part due to the fact that the use of traditional password schemes may be problematic in large, distributed settings. To date, several certificate frameworks (Ellison, 1999, Kent, 1993 and Zimmermann, 1995) and revocation mechanisms (Iliadis et al., 2000, Stubblebine, 1995 and Wright et al., 2001) have been proposed and extensively studied. What interests us here is an orthogonal aspect of certificate management, which has received considerably less attention, namely the formulation and enforcement of policies governing certification and revocation.

Creation and revocation of digital certificates are one of the most complex aspects of distributed access control. Usually certificate management is performed manually, by trusted agents, and it is rarely formalized. We contend that such an approach is expensive, error-prone and might impose a high degree of strain on a system. To deal with these problems we argue that creation and revocation of certificates should be formalized, and enforced by a general mechanism. This paper proposes a formulation for certificate management policies and a framework for their support. In this framework, certificate management policies are enforced by generic policy engines, wrapped around certification authorities and revocation servers. The proposed framework has several important benefits. First, the language proposed here for expressing certificate management regulations is expressive enough to support a wide category of policies. Moreover, the experimental results have shown that this formulation lends itself to efficient enforcement. Second, the mechanism is easy do deploy, requiring no modifications of PK-servers. Finally, wrapping PK-servers with programmable, generic policy engines makes possible to extend the functionality of these servers, in an easy, unobtrusive manner.