Title :
A distributed certificate management system (DCMS) supporting group-based access controls
Author :
Oppliger, Rolf ; Greulich, Andreas ; Trachsel, Peter
Author_Institution :
Swiss Fed. Strategy Unit for Inf. Technol., Berne, Switzerland
Abstract :
Mainly for scalability reasons, many cryptographic security protocols make use of public key cryptography and require the existence of a corresponding public key infrastructure (PKI). A PKI, in turn, consists of one or several certification authorities (CAs) that issue and revoke certificates for users and other CAs. Contrary to its conceptual simplicity, the establishment and operational maintenance of a CA or PKI has turned out to be difficult in practice. As a viable alternative, this paper proposes an architecture for a distributed certificate management system (DCMS) that can also be used to provide support for group-based access controls. The architecture has been prototyped and is being used by the Swiss Federal Strategy Unit for Information Technology (FSUIT) to protect access to intranet resources.
Keywords :
authorisation; certification; computer network management; groupware; intranets; public key cryptography; Swiss Federal Strategy Unit for Information Technology; certification authorities; cryptographic security protocols; distributed certificate management system; group-based access controls; intranet resource access protection; operational maintenance; public key cryptography; public key infrastructure; scalability; Access control; Certification; Content addressable storage; Cryptographic protocols; Information technology; Prototypes; Public key; Public key cryptography; Scalability; Security;
Conference_Title :
Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual
Conference_Location :
Phoenix, AZ
Print_ISBN :
0-7695-0346-2
DOI :
10.1109/CSAC.1999.816033