Access control and authorization technologies are intensively studied nowadays, as they stay at the basis of web-based services, but also in other emerging networks, such as smart cities, Internet of Things and grid computing. To support authorization, the X.509 attributes certificates (associated with corresponding public key certificates) may be employed. The attribute certificates must be properly verified before granting access to the services or (data) objects. This process implies several steps, including formal validity of the attribute certificate and the control of the privileges corresponding to the data contained in the certificate itself. The X.509 standard indicates a dedicated entity, named privilege verifier, in charge of performing these controls before granting access to an object to a privilege holder. This paper describes a possible implementation of a privilege verifier, which exploits a dedicated Attribute Certificate Validation Module (ACVM) to verify attribute certificates. In our approach, we reduce the complexity of the ACVM, which must support also the validation of the public key certificates associated with the attribute certificates, with the help of a specialized public key certificate validation service provided by a client-server architecture we have previously implemented.

Verification of X.509 Attribute Certificates for Attribute-based Authorization: A Practical Approach / Berbecaru, D.. - ELETTRONICO. - (2021), pp. 346-351. (Intervento presentato al convegno 25th International Conference on System Theory, Control and Computing, ICSTCC 2021 tenutosi a Iași (Romania) nel October 20 – 23, 2021) [10.1109/ICSTCC52150.2021.9607273].

Verification of X.509 Attribute Certificates for Attribute-based Authorization: A Practical Approach

Berbecaru D.
2021

Abstract

Access control and authorization technologies are intensively studied nowadays, as they stay at the basis of web-based services, but also in other emerging networks, such as smart cities, Internet of Things and grid computing. To support authorization, the X.509 attributes certificates (associated with corresponding public key certificates) may be employed. The attribute certificates must be properly verified before granting access to the services or (data) objects. This process implies several steps, including formal validity of the attribute certificate and the control of the privileges corresponding to the data contained in the certificate itself. The X.509 standard indicates a dedicated entity, named privilege verifier, in charge of performing these controls before granting access to an object to a privilege holder. This paper describes a possible implementation of a privilege verifier, which exploits a dedicated Attribute Certificate Validation Module (ACVM) to verify attribute certificates. In our approach, we reduce the complexity of the ACVM, which must support also the validation of the public key certificates associated with the attribute certificates, with the help of a specialized public key certificate validation service provided by a client-server architecture we have previously implemented.
2021
978-1-6654-1496-8
File in questo prodotto:
File Dimensione Formato  
Verification_of_X.509_Attribute_Certificates_for_Attribute-based_Authorization_A_Practical_Approach.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 402.75 kB
Formato Adobe PDF
402.75 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2963680