Title :
Generic support for PKIX certificate management in CDSA
Author :
Erfani, Shabnam ; Chandersekaran, Sekar
Abstract :
The Common Data Security Architecture (CDSA) from the Open Group is a flexible standard that defines APIs for security services needed for implementing public key infrastructure (PKI). The emerging IETF public key infrastructure (PKIX) standards provide certificate management protocols geared reward the Internet. The PKIX specifications define the expected behavior of the PKI, but do not provide abstractions that can be used by exploiting applications. In this paper we show the feasibility and design methodology of extending CDSA abstractions to support PKIX certificate management. To achieve this, we model a general, end-to-end system architecture based on CDSA that 0 PKIX certificate management model, and discuss the merits of this system from the application and system architecture perspectives. We conclude the paper with a discussion of the resulted generic CDSA version 2.0 API that support PKIX certificate management model
Keywords :
Internet; application program interfaces; certification; public key cryptography; APIs; Common Data Security Architecture; IETF public key infrastructure standards; Internet; Open Group; PKIX certificate management; certificate management protocols; end-to-end system architecture; flexible standard; public key infrastructure; security services; system architecture; Application software; Data security; Design methodology; Internet; Libraries; Protocols; Public key cryptography; Read only memory; Runtime; Software maintenance;
Conference_Titel :
Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual
Conference_Location :
Phoenix, AZ
Print_ISBN :
0-7695-0346-2
DOI :
10.1109/CSAC.1999.816036
