Generic support for PKIX certificate management in CDSA

Author

Erfani, Shabnam ; Chandersekaran, Sekar

fYear

1999

fDate

1999

Firstpage

269

Lastpage

275

Abstract

The Common Data Security Architecture (CDSA) from the Open Group is a flexible standard that defines APIs for security services needed for implementing public key infrastructure (PKI). The emerging IETF public key infrastructure (PKIX) standards provide certificate management protocols geared reward the Internet. The PKIX specifications define the expected behavior of the PKI, but do not provide abstractions that can be used by exploiting applications. In this paper we show the feasibility and design methodology of extending CDSA abstractions to support PKIX certificate management. To achieve this, we model a general, end-to-end system architecture based on CDSA that 0 PKIX certificate management model, and discuss the merits of this system from the application and system architecture perspectives. We conclude the paper with a discussion of the resulted generic CDSA version 2.0 API that support PKIX certificate management model

Keywords

Internet; application program interfaces; certification; public key cryptography; APIs; Common Data Security Architecture; IETF public key infrastructure standards; Internet; Open Group; PKIX certificate management; certificate management protocols; end-to-end system architecture; flexible standard; public key infrastructure; security services; system architecture; Application software; Data security; Design methodology; Internet; Libraries; Protocols; Public key cryptography; Read only memory; Runtime; Software maintenance;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual

Conference_Location

Phoenix, AZ

ISSN

1063-9527

Print_ISBN

0-7695-0346-2

Type

conf

DOI

10.1109/CSAC.1999.816036

Filename

816036