A common way to protect objects in distributed systems is to issue authorization certificates to users, which they present to gain access. In some situations a way is needed to revoke existing certificates. Current methods, such as having a master revocation list, have been designed to work efficiently with identity certificates, and do not take into account the delegation of certificate-issuing rights required when implementing complex administrative hierarchies for large distributed applications. In this paper we present a novel mechanism for revoking authorization certificates based on clustering users and servers, and present arguments showing that it is more efficient than other methods. We also discuss a way for probabilistically auditing the use of the revocation mechanism proposed to reduce the chances of any component behaving maliciously.