Electronic Attribute Certification and Delegable Privilege Management Infrastructure
One of the first tasks in the PRIVILEGE project has been to study and put into perspective the delegation implications of standard schemes that have been proposed in the literature as solutions for distributed authorization problems. In doing so, we have realized that in the PolicyMaker and KeyNote schemes, the delegation statement does not exist; that is, any authorization statement can be delegated once and then again without any control. On the other hand, SDSI considers three different possibilities for controlling delegation, although SPKI reduced it to a Boolean condition. Such a Boolean parameter is only a modest mechanism to control the depth of delegation.
Moreover, we proposed a solution to enhance the X.509 attribute certificate in such a way that it becomes a conditionally anonymous attribute certificate. After that, we designed a protocol to obtain such certificates in a way that respects users’ anonymity by using a fair blind signature scheme. We also show how to use such certificates and describe a few cases where problems could arise, identifying some open problems.
- I. Agudo, J. Lopez, and J. A. Montenegro, “A Graphical Delegation Solution for X.509 Attribute Certificates”, ERCIM News, no. 63, ERCIM, pp. 33-34, October, 2005.
- I. Agudo, J. Lopez, J. A. Montenegro, E. Okamoto, and E. Dawson, “Delegation Perspective of Practical Authorization Schemes”, Fifth International Network Conference (INC’05), pp. 157-164, 2005.
- J. Lopez, J. A. Montenegro, and J. M. Troya, “A First Approach to Provide Anonymity in Attribute Certificates”, 2004 International Workshop on Practice and Theory in Public Key Cryptography (PKC’04), LNCS 2947, Springer, pp. 402-415, March, 2004.