Applying lightweight directory access protocol service on session certification authority
نویسندگان
چکیده
Lightweight Directory Access Protocol (LDAP) service is a new technology being applied on the Internet. On largescale network systems using Transmission control protocol (TCP)/Internet protocol (IP), there is no standard suggested for single directory––certainly without one to be routinely used on the scale of intranets. LDAP service has many great features, such as providing quick and advanced search, quick response and hierarchy view of data. It also can be utilized to many different applications. Certification Authority (CA) is a trusted system, and it plays an important role just like a notary bridging between end-entities and helps end-entities to establish a secure environment. If someone wants to trade or communicate with others, he or she needs the certificate issued by the CA to help him or her get the trust from others. When a number of end-entities need this service, the load of CA may become huge. Using distributed CAs may sound like a good idea, but it costs too much. In this paper, we have designed a Session CA using a directory system to share its load without the necessity to maintain the Certificate Revocation List (CRL) because the lifetime of the attribute certificate is very short. With these great features of LDAP service mentioned above, it becomes desirable that we can apply them to design a new CA system. By using LDAP service, we can reduce the load of certification significantly between CA and endentity. In addition, this new technology can reduce the maintenance work of administration and improve the efficiency of our new proposed CA. Furthermore, combining with Role-Based Access Control (RBAC) and attribute certificate, the security of our system is greatly improved. 2001 Elsevier Science B.V. All rights reserved.
منابع مشابه
Lightweight Directory Access Protocol
We survey the history, development and usage of directory services based on the Lightweight Directory Access Protocol (LDAP). We present a summary of the naming model, the schema model, the principal service models, and the main protocol interactions in terms of a C language application programming interface.
متن کاملINTERNET - DRAFT Kurt
This document provides procedures for registering extensible elements of LDAP (Lightweight Directory Access Protocol). The document also provides guidelines to IANA (Internet Assigned Numbers Authority) describing conditions under which new values can be assigned. Zeilenga IANA Considerations for LDAP [Page 1] INTERNET-DRAFT draft-ietf-ldapbis-iana-05.txt 20 December 2001
متن کاملOracle Identity Management: Integration with Windows
INTRODUCTION Oracle Identity Management is an integrated, scalable and robust identity management infrastructure. Oracle Identity Management includes an LDAP directory service, directory integration and provisioning services, a delegated administration service application, authentication and authorization services, and an X.509 V3 certificate authority. Key benefits of Oracle Identity Managemen...
متن کاملConsiderations for Lightweight Directory Access Protocol (LDAP) Extensions
The Lightweight Directory Access Protocol (LDAP) is extensible. It provides mechanisms for adding new operations, extending existing operations, and expanding user and system schemas. This document discusses considerations for designers of LDAP extensions.
متن کاملDistribution of this memo is unlimited. Technical discussion of this
The Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services which act in accordance with X.500 data and service models. This document describes the X.500 Directory Information Models, as used in LDAP. Table of
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computer Networks
دوره 38 شماره
صفحات -
تاریخ انتشار 2002