Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attribute Certificate By Ganesh Godavari. Talk About An Internet Attribute Certificate for Authorization -- RFC 3281.

Published byErik Bell Modified over 9 years ago

Similar presentations

Presentation on theme: "Attribute Certificate By Ganesh Godavari. Talk About An Internet Attribute Certificate for Authorization -- RFC 3281."— Presentation transcript:

1 Attribute Certificate By Ganesh Godavari

2 Talk About An Internet Attribute Certificate for Authorization -- RFC 3281

3 Motivation Understand Attribute Certificate How can they fit into information sharing

4 What are Attribute Certificates (AC) An AC contains no public key like PKC An AC can specify –Group Membership –Role –Security clearance –others

5 5 When should AC be used ? PKC may include life/long lasting attributes. –if the attribute doesn’t expire before the related PKC, then the attribute may be included in the PKC. AC should be used for short lasting attributes: –if the attribute expires before the related PKC, then the attribute should placed in an AC.

6 6 For which security services ACs may be used ? ACs may be used in the context of access control service when the identity is not the criterion that is used for access control decisions, but rather when the role or group-membership of the accessors the criterion used. role-based access control non-repudiation or data origin authentication service. the attributes contained in the AC provide additional information about the signer. This information can be used to make sure that the signer is empowered to sign the data.

7 Digital Certificates Version Serial Number Signature ID Subject Issuer Validity Period Subject Public Key Info Extensions Signature Serial Number Signature ID Holder Issuer Validity Period Attributes Extensions Signature No Public Key AC binds permission (attributes) to an entity PKC binds a subject (DN) to a public key PKC is passport and AC is visa both are complementary Public Key Certificate (PKC) Attribute Certificate (AC)

8 AC Distribution - “pull” vs. “push” AC Issuer Client Repository Server Server Lookup Client Lookup Client Acquisition Server Acquisition AC “push” ( part of app. Protocol)

9 Work need to be done Currently looking into a sample AC so that I can write it in openssl Send out request to steve of openssl group Looking again for more information into the rfc

Download ppt "Attribute Certificate By Ganesh Godavari. Talk About An Internet Attribute Certificate for Authorization -- RFC 3281."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Introduction of Grid Security

Introduction of Grid Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.

CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.
Cryptography and Network Security

Cryptography and Network Security
OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.

Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.

Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Secure Information Sharing Using Attribute Certificates and Role Based Access Control Ganesh Godavari, C. Edward Chow 06/22/2005 University of Colorado.

Secure Information Sharing Using Attribute Certificates and Role Based Access Control Ganesh Godavari, C. Edward Chow 06/22/2005 University of Colorado.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.

Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Similar presentations

Ads by Google