Companies and organizations employ PKI technology to secure the communication in their intranets and over the internet. The services of authentication, non-repudiation, condentiality and the transport of authorization information are often supported by X.509 certicates. The synchronization of the certicates' life-cycle with the management of the PKI users is a common problem. We propose a mechanism to achieve this synchronization based on directory services. This enables to transparently update the information provided by the PKI and offers a high potential for automation. The mechanism spares personnel and is less error-prone, since it relies on processes and data that are already established. It reduces the costs to bootstrap and operate the infrastructure. We show a case study on the proposed mechanism that was conducted at the Technische Universität Darmstadt in Germany in order to supply 20,000 students with certicates and keys.
Abstract. We present a framework for extending the functionality of LDAP servers from their typical use as a public directory in public key infrastructures. In this framework the LDAP servers are used for administrating infrastructure processes. One application of this framework is a method for providing proof-of-possession, especially in the case of encryption keys. Another one is the secure delivery of software personal security environments.
Abstract. Despite the introduction of information technologies in governmental administrations, most bureaucratic processes are still paperbased. In this paper we present a framework to transfer conventional, paper-based processes to electronic workflows. Thereby, the transformation to e-Government applications has two challenges. First, to find an equivalent description for the single activities and their interaction for defining the entire process. Second, to ensure the security of the process. We identified four types of activities that can be used as basic components for the workflows considered in our work. The security aspects of the electronic representation are ensured by further framework components, for example authentication or authorization. Finally, we present how this framework can be used for other scenarios and discuss some details of our prototype implementation.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.