23 research outputs found
Internet X.509 Public Key Infrastructure Operational Protocols -- LDAPv3
This document describes the features of the Lightweight Directory Access Protocol v3 that are needed in order to support a public key infrastructure based on X.509 certificates and CRLs.
The PERMIS X.509 Based Privilege Management Infrastructure
This document describes the PERMIS X.509 Based Privilege Management Infrastructure, which is a trust management system as described in RFC 2704 [2]. The PERMIS Infrastructure is compared with the AAA Authorisation Framework described in RFC 2904 [4], and is shown to be compatible with it.
Enabling the Internet White Pages Service -- the Directory Guardian
The Internet White Pages Service (IWPS) has been slow to materialise for many reasons. One of them is the security concerns that organisations have, over allowing the public to gain access to either their Intranet or their directory database. The Directory Guardian is a firewall application proxy for X.500 and LDAP protocols that is designed to alleviate these fears. Sitting in the firewall system, it filters directory protocol messages passing into and out of the Intranet, allowing security administrators to carefully control the amount of directory information that is released to the outside world. This paper describes the design of our Guardian system, and shows how relatively easy it is to configure its filtering capabilities. Finally the paper describes the working demonstration of the Guardian that was built for the 1997 World Electronic Messaging Association directory challenge. This linked the WEMA directory to the NameFLOW-Paradise Internet directory, and demonstrated some of the powerful filtering capabilities of the Guardian.
IVOA Recommendation: IVOA Credential Delegation Protocol Version 1.0
The credential delegation protocol allows a client program to delegate a user's credentials to a service such that that service may make requests of other services in the name of that user. The protocol defines a REST service that works alongside other IVO services to enable such a delegation in a secure manner. In addition to defining the specifics of the service protocol, this document describes how a delegation service is registered in an IVOA registry along with the services it supports. The specification also explains how one can determine from a service registration that it requires the use of a supporting delegation service.