A Secure Access Control Mechanism Web Service-based in Extended Organization PKI Networks

Organizations use PKI (Public Key Infrastructures) to support internal business processes, but some businesses have industrial partnerships with others, and these alliances can exploit B2B (Business to Business) e-commerce capabilities by connecting corporate PKI. The paper deals with two methods to realize access control in extended organization PKI business processes: BCAs (Bridge Certification Authority) create a combined multi-enterprise PKI at the cost of increased complexity when evaluating the acceptability of certificates. But today’s COTS (Commercial Off-The-Shelf) products are not entirely prepared to meet the challenges of bridge-connected PKIs. The paper focuses on designing a secure access control mechanism in extended organization PKI networks based on web service. The secure access control mechanism has integrated the role-based access control in X.509v4 PMI (Privilege Management Infrastructure) with the XML (Extensible Markup Language) security solution. The paper proposes the access control mechanism and realization technology in details, and some measures to improve the system’s running efficiency are suggested.