%0 Book Section %1 Chad_2003 %A Chadwick, David W. %B Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking, Bled, Slovenia %D 2003 %E Jerman-Blazic, Wolfgang Schneider Borka %E Klobucar, Tomaz %I IOS Press %K X.509 ac attribute_certificates certificates pmi privilege_management_infrastructure %P 1525 %T The X.509 Privilege Management Infrastructure %U http://www.cs.kent.ac.uk/pubs/2003/2124/ %X This paper provides an overview of the Privilege Management Infrastructure (PMI) introduced in the 2000 edition of X.509. It describes the entities in the infrastructure: Sources of Authority, Attribute Authorities and Privilege Holders, as well as the basic data structure - the attribute certificate - that is used to hold privileges. The contents of attribute certificates are described in detail, including the various policy related extensions that may be added to them. The similarities between PMIs and PKIs are highlighted. The paper also describes how attribute certificates can be used to implement the three well known access control schemes: DAC, MAC and RBAC. Finally the paper gives an overview of how a privilege verifier might operate, and the various types of information that need to be provided to it.

@incollection{Chad_2003, abstract = {This paper provides an overview of the Privilege Management Infrastructure (PMI) introduced in the 2000 edition of X.509. It describes the entities in the infrastructure: Sources of Authority, Attribute Authorities and Privilege Holders, as well as the basic data structure - the attribute certificate - that is used to hold privileges. The contents of attribute certificates are described in detail, including the various policy related extensions that may be added to them. The similarities between PMIs and PKIs are highlighted. The paper also describes how attribute certificates can be used to implement the three well known access control schemes: DAC, MAC and RBAC. Finally the paper gives an overview of how a privilege verifier might operate, and the various types of information that need to be provided to it. }, added-at = {2008-06-04T18:46:29.000+0200}, author = {Chadwick, David W.}, biburl = {https://www.bibsonomy.org/bibtex/28e5b20c2a7ee0ebe9779e81970d75e4f/dawinci}, booktitle = {Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking, Bled, Slovenia}, editor = {Jerman-Blazic, Wolfgang Schneider Borka and Klobucar, Tomaz}, interhash = {8d82b80b6f16a30c50e3115b0b662d62}, intrahash = {8e5b20c2a7ee0ebe9779e81970d75e4f}, keywords = {X.509 ac attribute_certificates certificates pmi privilege_management_infrastructure}, month = {June}, pages = 1525, publisher = {IOS Press}, timestamp = {2008-06-04T18:46:30.000+0200}, title = {The {X.509} Privilege Management Infrastructure}, url = {http://www.cs.kent.ac.uk/pubs/2003/2124/}, year = 2003 }