Security policy space definition and structuring
Computer Standards & Interfaces
DocBook: The Definitive Guide with CD-ROM
DocBook: The Definitive Guide with CD-ROM
Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure
Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure
Policy formalization to combine separate systems into larger connected network of trust
net-Con '02 Proceedings of the IFIP TC6 / WG6.2 & WG6.7 Conference on Network Control and Engineering for QoS, Security and Mobility
RBAC Policies in XML for X.509 Based Privilege Management
SEC '02 Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives
SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Extending PKI Interoperability in Computational Grids
CCGRID '08 Proceedings of the 2008 Eighth IEEE International Symposium on Cluster Computing and the Grid
An innovative policy-based cross certification methodology for public key infrastructures
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
A formalisation and evaluation of certificate policies
Computer Communications
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Computational techniques for increasing PKI policy comprehension by human analysts
Proceedings of the 9th Symposium on Identity and Trust on the Internet
Using hierarchal change mining to manage network security policy evolution
Hot-ICE'11 Proceedings of the 11th USENIX conference on Hot topics in management of internet, cloud, and enterprise networks and services
Hi-index | 0.00 |
The trustworthiness of any Public Key Infrastructure (PKI) rests upon the expectations for trust, and the degree to which those expectations are met. Policies, whether implicit as in PGP and SDSI/SPKI or explicitly required as in X.509, document expectations for trust in a PKI. The widespread use of X.509 in the context of global e-Science infrastructures, financial institutions, and the U.S. Federal government demands efficient, transparent, and reproducible policy decisions. Since current manual processes fall short of these goals, we designed, built, and tested computational tools to process the citation schemes of X.509 certificate policies defined in RFC 2527 and RFC 3647. Our PKI Policy Repository, PolicyBuilder, and PolicyReporter improve the consistency of certificate policy operations as actually practiced in compliance audits, grid accreditation, and policy mapping for bridging PKIs. Anecdotal and experimental evaluation of our tools on real-world tasks establishes their actual utility and suggests how machine-actionable policy might empower individuals to make informed trust decisions in the future.