標題: | Applying lightweight directory access protocol service on session certification authority |
作者: | Yeh, YS Lai, WS Cheng, CJ 資訊科學與工程研究所 Institute of Computer Science and Engineering |
關鍵字: | lightweight directory access protocols;certification authority;certificate revocation list;role-based access control;attribute certificate |
公開日期: | 5-Apr-2002 |
摘要: | Lightweight Directory Access Protocol (LDAP) service is a new technology being applied on the Internet. On large-scale network systems using Transmission control protocol (TCP)/Internet protocol (IP), there is no standard suggested for single directory-certainly without one to be routinely used on the scale of intranets. LDAP service has many great features, such as providing quick and advanced search, quick response and hierarchy view of data. It also can be utilized to many different applications. Certification Authority (CA) is a trusted system, and it plays an important role just like a notary bridging between end-entities and helps end-entities to establish a secure environment. If someone wants to trade or communicate with others, he or she needs the certificate issued by the CA to help him or her get the trust from others. When a number of end-entities need this service, the load of CA may become huge. Using distributed CAs may sound Eke a good idea, but it costs too much. In this paper, we have designed a Session CA using a directory system to share its load without the necessity to maintain the Certificate Revocation List (CRL) because the lifetime of the attribute certificate is very short. With these great features of LDAP service mentioned above, it becomes desirable that we can apply them to design a new CA system. By using LDAP service, we can reduce the load of certification significantly between CA and endentity. In addition, this new technology can reduce the maintenance work of administration and improve the efficiency of our new proposed CA. Furthermore, combining with Role-Based Access Control (RBAC) and attribute certificate, the security of our system is greatly improved. (C) 2001 Elsevier Science B.V. All rights reserved. |
URI: | http://dx.doi.org/10.1016/S1389-1286(01)00282-1 http://hdl.handle.net/11536/28870 |
ISSN: | 1389-1286 |
DOI: | 10.1016/S1389-1286(01)00282-1 |
期刊: | COMPUTER NETWORKS-THE INTERNATIONAL JOURNAL OF COMPUTER AND TELECOMMUNICATIONS NETWORKING |
Volume: | 38 |
Issue: | 5 |
起始頁: | 675 |
結束頁: | 692 |
Appears in Collections: | Articles |
Files in This Item:
If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.