Certificate-based authorization policy in a PKI environment
Journal Article · ACM Transactions on Information and System Security · LBNL Library
The major emphasis of Public Key Infrastructure has been to provide a cryptographically secure means of authenticating identities. However, procedures for authorizing the holders of these identities to perform specific actions still need additional research and development. While there are a number of proposed standards for authorization structures and protocols, such as KeyNote, SPKI and SAML, based on X.509 or other key-based identities, none have been widely adopted. As part of an effort to use X.509 identities to provide authorization in highly distributed environments, we have developed and deployed an authorization service based on X.509-identified users and on access policy contained in certificates signed by X.509-identified stakeholders. The major goal of this system, called Akenti, is to produce a usable authorization system for an environment consisting of distributed resources used by geographically and administratively distributed users. Akenti assumes communication between users and resources over a secure protocol such as Transport Layer Security (TLS) to provide mutual authentication with X.509 certificates. This paper explains the authorization model and policy language used by Akenti, and how we have implemented an Apache authorization module to provide Akenti authorization.
- Research Organization:
- Ernest Orlando Lawrence Berkeley National Laboratory, Berkeley, CA (US)
- Sponsoring Organization:
- USDOE Director. Office of Science. Computational and Technology Research (US)
- DOE Contract Number:
- AC03-76SF00098
- OSTI ID:
- 821027
- Report Number(s):
- LBNL--51616
- Journal Information:
- ACM Transactions on Information and System Security, Vol. 6, Issue 4
- Country of Publication:
- United States
- Language:
- English
Similar Records
- Authorization policy in a PKI environment · Conference · Apr 10, 2002 · OSTI ID: 795352
- CILogon: A federated X.509 certification authority for cyberinfrastructure logon · Journal Article · Apr 03, 2014 · Concurrency and Computation: Practice and Experience · OSTI ID: 1618024
- Security Technologies for Open Networking Environments (STONE) · Technical Report · Mar 30, 2005 · OSTI ID: 894922