Internet Archive Scholar

A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed Infrastructures for Academic Research

Eisaku Sakane, Takeshi Nishimura, Kento Aida
2017 Proceedings of International Symposium on Grids and Clouds (ISGC) 2016 — PoS(ISGC 2016)   unpublished

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (353.6 kB)
https://web.archive.org/web/20200307122628/https://pos.sissa.it/270/015/pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Among certification authorities (CAs) in an academic PKI trust federation such as IGTF (Interoperable Global Trust Federation), most of the academic organizations that operate a CA install by themselves the CA equipment in their building. To keep the CA trustworthy, it is necessary to maintain specialized CA equipment and to employ specifically trained operators. The high cost thereby incurred for CA operation weighs heavily on the CA organization. For research institutes whose primary duties
more » ... e not the CA operation, the burden of the high cost of CA operations is an earnest problem, and cost reduction by increasing the efficiency of the operation is an important issue. Instead of focusing on any further operational optimization of a single individual CA, in this paper we will review cost reductions by way of integrating more than one CA in a PKI federation. This paper considers the issuing and registration authorities that constitute a CA, and proposes the following integration model: it integrates the issuing duties, and each organization carries out the registration duties as before. In the proposed model, integrating the issuing duties means that one issuing authority (IA) takes over the duty of the other IA. Since each registration authority (RA) performs the registration duty as usual, most of procedures such as the application process to obtain certificates remain unchanged, so that it does not confuse the users. Based on this proposed model, we discuss how to connect the superseding IA with the RA(β ) operated by the organization that closes its own IA(β ). Among possible connections, we examine not only a direct connection between the superseding IA and the RA(β ) but also a connection putting the RA(α) -operated so far by the organization that operates the remaining IA -inbetween them as a proxy. Furthermore, we augment the certificate policy of the superseding IA so that it is compatible with the policy of the RA(β ). We also discuss an applicability of existing CA profiles such as MICS (Member Integrated Credential Service) profile and its extension.
doi:10.22323/1.270.0015 fatcat:boqtabgy2zexpgm6tkblcbygza
Citation

Eisaku Sakane, Takeshi Nishimura, Kento Aida. "A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed Infrastructures for Academic Research." Proceedings of International Symposium on Grids and Clouds (ISGC) 2016 — PoS(ISGC 2016) (2017)