resource query authority
play

Resource Query Authority 11 th TF-EMC2 Meeting 9-10 July, 2008, - PowerPoint PPT Presentation

Nov 15, 2022 •348 likes •531 views

Dartmouth College Massimiliano Pala <pala@cs.dartmouth.edu> Proposal for Deploying a PKI Resource Query Authority 11 th TF-EMC2 Meeting 9-10 July, 2008, Umea, Sweden 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden Outline

  1. Dartmouth College Massimiliano Pala <pala@cs.dartmouth.edu> Proposal for Deploying a PKI Resource Query Authority 11 th TF-EMC2 Meeting 9-10 July, 2008, Umea, Sweden 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  2. Outline • Introduction – Introduction & Motivations – Current Solutions & Limitations • Protocol Details – PKI Resource Query Protocol – Resource Query Authority Deployment • Conclusions – Implementation Details – Future Work 2 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  3. Simple Questions (?) Where can I ask for a certificate revocation ? Where do I apply for a new Certificate ? Where do I find the Certificates repository ? 3 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  4. PKI Resource Discovery Enhance Interoperability across PKIs • Ease PKI Management Issues • – Now connected to certificates' contents Foster simpler User Interfaces (UI) • – User awareness Issues • Usability of PKIs 4 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  5. Current Solutions • Certificate Extensions DNS Records • Webservices • Local Network Oriented Solutions • 5 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  6. The Proposed Solution The PKI Resources Query Protocol • Allows a client to request services and repositories URL • associated with a CA • Provides “discovery” for any services (current and future): – Repositories (CRLs and Certs) – Validation Services (OCSP, SCVP, etc...) – Other Services (TimeStamping, Revocation, Subscription, etc... ) – Future services 6 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  7. Status of PRQP The PKI Resources Query Protocol (PRQP) is undergoing • the final call to be accepted as a working item of the PKIX work group (IETF) • The I-D is currently available as <draft-pala- prqp-01.txt> from IETF • We hope to push PRQP on the standard track as soon as possible 7 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  8. PRQP in a “Nut”Shell Simple client-server protocol • The server is the Resource Query Authority • – It is certified by a CA to provide PRQP responses (exactly as an OCSP is authorized to provide OCSP responses) – Can provide responses for multiple CAs • Trusted Mode • Multiple Certificates from different Cas “Where can I find service “X” related to CA “Y” • – “Service “X” from CA “Y” can be found at this URL 8 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  9. The Request Query Authority Authority designated to answer to PKI Resource • Location Resource Additional step: PRQP is used to Query discover the URL of the Authority Validation Service (OCSP) for the presented Client Certificate (3) (2) Validation App. Service (4) (1) Client Certificate 9 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  10. Examples PKIX Services • – id-ad-prqp – id-ad-prqp-ocsp – id-ad-prqp-caIssuers – id-ad-prqp-timestamping – Id-ad-prqp-dvcs – Id-ad-prqp-caRepository • HTTP (Browser) services – id-ad-prqp-http-certs --- HTTP cert repository – id-ad-prqp-http-crls --- HTTP CRL URL – id-ad-prqp-xkmsGateway --- XKMS Gateway – id-ad-prqp-cmsGateway --- CMS Gateway 10 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  11. Examples (2) Certificate Policies • – Id-ad-prqp-certPolicy --- Certificate Policy (CP) URL – Id-ad-prqp-certPracticesStatement --- Certification Practices Statement (CPS) URL Level Of Assurance • – id-ad-prqp-certLOAPolicy --- LOA Policy URL – id-ad-prqp-certLOALevel --- Certificate LOA Modifier URL HTTP (Browsers) based services • – id-ad-prqp-httpRevokeCertificate --- HTTP Based Certificate Revocation Service – id-ad-prqp-httpRequestCertificate --- HTTP Based Certificate Request Service 11 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  12. Examples (3) Grid Specific Services • – Id-ad-prqp-grid-accreditationBody --- CA Accreditation Body(s) – id-ad-prqp-grid-accreditationPolicy --- CA Accreditation Policy Document(s) – id-ad-prqp-grid-accreditationStatus --- CA Accreditation Status Document(s) – id-ad-prqp-grid-commonDistributionUpdate --- Grid Distribution Package(s) – id-ad-prqp-grid-accreditedCACerts --- Certificates of Currently Accredited CAs – Id-ad-prqp-certPolicy --- Certificate Policy (CP) URL – Id-ad-prqp-certPracticesStatement --- Certification Practices Statement (CPS) URL 12 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  13. Deployment Plans TACAR provides trusted certificate repository and • information for many CAs • We propose to run an RQA that will provide support for all the TACAR's CAs The Server will be hosted at Dartmouth College • Two Options • – Operating as a Trusted Responder – Getting a Certificate from each CA that wish to participate in TACAR's RQA We will need to define the policies for CAs admins to • update information related to their CAs – Probably by using an authenticated upload (web) form • A web-based client will be setup 13 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  14. Implementation Details PRQP API included into LibPKI (v0.1.9) • – Provides easy-to-use functionality • PRQP_REQUEST_new_cacert_file() Available for any UniX based system (eg., Linux, • Solaris8-10, OpenSolaris, BSD, MacOS, iPhoneOS2.0, etc... ) • PRQP Server (available version at OpenCA) – Based on OpenCA OCSPD – Implements PRQP over HTTP – Supports multiple CA 14 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  15. Conclusions • PRQP provides/is: – Dynamic Solution – Fast and easy to implement – Specific solution for the problem – Ease rollover of services – Supported in LibPKI (Easy-to-use PKI library) • Initial support for a PKI Discovery Infrastructure for TACAR – Allow writing applications that make use of the deployed infrastructure – Provide us with valuable feedback to improve current specification 15 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  16. Future Works • PKI Usability and Interoperability project at Dartmouth College: – Extending the PRQP to a Peer-2-Peer Authenticated Network (for inter-federation PRQP support) – Already published a paper at EuroPKI (PEACHES and Peers) 16 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  17. ? ?? ?? ? ? ? Questions ? ? ?? ? ? ? ? 17 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  18. Thank You! Contacts: • Massimiliano Pala <pala@cs.dartmouth.edu> OpenCA <project.manager@openca.org> • Website http://mm.cs.dartmouth.edu/prqp/ (DEMO) https://www.openca.org/projects/prqpd/ 18 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

z Towards Plan-aware Resource Allocation in Serverless Query Processing Malay Bag Alekh Jindal

z Towards Plan-aware Resource Allocation in Serverless Query Processing Malay Bag Alekh Jindal

z Towards Plan-aware Resource Allocation in Serverless Query Processing Malay Bag Alekh Jindal z Hiren Patel z Resour ource Alloc ocati tion Issue ue in Serverless Query Processing Hard to estimate resource requirement at compile

673 views • 11 slides
Well Permitting &amp; Approvals Thomas Donohue, PG Authority? Authority? Most of our authority

Well Permitting &amp; Approvals Thomas Donohue, PG Authority? Authority? Most of our authority

Well Permitting &amp; Approvals Thomas Donohue, PG Authority? Authority? Most of our authority comes from: Act 223 Pennsylvanias Oil and Gas Act Act 214 Coal and Gas Resource Coordination Act Act 359 Oil and Gas Conservation Law

764 views • 30 slides
Uniform Resource Locators (URLs) Scheme Port Number Query

Uniform Resource Locators (URLs) Scheme Port Number Query

Uniform Resource Locators (URLs) Scheme Port Number Query http://www.company.com:81/a/b/c.html?user=Alice&amp;year=2008#p2 Host Name Hierarchical portion Fragment CS 142 Lecture Notes: URLs and Links Slide 1 &lt;a&gt; Examples Full

315 views • 4 slides
Query Processing, Resource Management, And Approximation in a Data Stream Management System

Query Processing, Resource Management, And Approximation in a Data Stream Management System

Query Processing, Resource Management, And Approximation in a Data Stream Management System Kevin Hoeschele Archana Joshi References R. Motwani, J. Widom, A. Arasu, B. Babcock, S. Babu, M. Datar, G. Manku, C. Olston, J. Rosenstein and R.

559 views • 23 slides
Improve Query Performance with the Query Log Analyzer Kees Vegter Field Engineer Query Log

Improve Query Performance with the Query Log Analyzer Kees Vegter Field Engineer Query Log

Improve Query Performance with the Query Log Analyzer Kees Vegter Field Engineer Query Log Analyzer kees@neo4j.com Query Log dbms.logs.query.enabled=true # If the execution of query takes more time than this threshold, # the query is

1.12k views • 27 slides
Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query

Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query

Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query Indexi xing Ranki king Applica cation Results Documents User Information Query y Query analys ysis proce cess ssing Multimedia

740 views • 32 slides
Query Op)miza)on 1 Query op)miza)on Given an SQL query,

Query Op)miza)on 1 Query op)miza)on Given an SQL query,

Query Op)miza)on 1 Query op)miza)on Given an SQL query, the query op)mizer tries to figure out the order of opera)ons that will make the

550 views • 23 slides
Query Answering in (Resource-Based) answer set semantics Stefania Costantini and Andrea

Query Answering in (Resource-Based) answer set semantics Stefania Costantini and Andrea

Query Answering in (Resource-Based) answer set semantics Stefania Costantini and Andrea Formisano University of L Aquila and University of Perugia, Italy LRC15, Corunna, Spain Speaker: Stefania Answer Set Semantics The answer set

515 views • 23 slides
Query Execu*on Declara*ve Query (SQL) We start from

Query Execu*on Declara*ve Query (SQL) We start from

SQL The Query Language R &amp; G - Chapter 5 2 Query Execu*on Declara*ve Query (SQL) We start from here Query Op*miza*on and Execu*on (Rela*onal)

808 views • 44 slides
Query Execution 2 and Query Optimization Instructor: Matei Zaharia cs245.stanford.edu Query

Query Execution 2 and Query Optimization Instructor: Matei Zaharia cs245.stanford.edu Query

Query Execution 2 and Query Optimization Instructor: Matei Zaharia cs245.stanford.edu Query Execution Overview Query representation (e.g. SQL) Logical query plan (e.g. relational algebra) Query optimization Optimized logical plan Physical

1.17k views • 92 slides
Query Execu:on Declara:ve Query (SQL) We start from

Query Execu:on Declara:ve Query (SQL) We start from

SQL III The Query Language R &amp; G - Chapter 5 Based on Slides from UC Berkeley and book. Query Execu:on Declara:ve Query (SQL) We start from here

1.02k views • 64 slides
Query Execu:on Declara:ve Query (SQL) We start from

Query Execu:on Declara:ve Query (SQL) We start from

SQL The Query Language R &amp; G - Chapter 5 Based on Slides from UC Berkeley and book. 2 Query Execu:on Declara:ve Query (SQL) We start from

689 views • 34 slides
Query Understanding: A Manifesto Daniel Tunkelang queryunderstanding.com Overview What is

Query Understanding: A Manifesto Daniel Tunkelang queryunderstanding.com Overview What is

Query Understanding: A Manifesto Daniel Tunkelang queryunderstanding.com Overview What is query understanding? Query performance prediction. Query rewriting. Query suggestions. Search is a conversation. tl;dr: Query

940 views • 37 slides
Perfect Query FORMULA 5 critical sections in every successful query letter (c) 2019

Perfect Query FORMULA 5 critical sections in every successful query letter (c) 2019

Perfect Query FORMULA 5 critical sections in every successful query letter (c) 2019 GetaBookDeal101.com is this you Why am I not hearing back? the query conundrum giving up too early the query conundrum blaming the system the query

974 views • 61 slides
Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer

Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer

Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer Obtaining Execution Plan Information Using an Index to Cover a Query Indexing Strategies Overriding the Query Optimizer Introduction to

450 views • 34 slides
Introduction Query Execution Engine Implements a set of physical operators 2 key

Introduction Query Execution Engine Implements a set of physical operators 2 key

Overview of Query Optimization in Relational Systems An overview of current query optimization techniques Overview of Query Optimization Provides fundamentals of query in Relational Systems optimization Presenter: Albert Wong

294 views • 4 slides
Accountable Certificate Management using Undeniable Attestations Ahto Buldas K uberneetika AS

Accountable Certificate Management using Undeniable Attestations Ahto Buldas K uberneetika AS

Accountable Certificate Management using Undeniable Attestations Ahto Buldas K uberneetika AS (Estonia) &amp; U. of Tartu (Estonia) ahto.buldas@cyber.ee Peeter Laud Universit at des Saarlandes (Germany) laud@cs.uni-sb.de Helger Lipmaa

366 views • 17 slides
Secure Vehicular Communication System: Design &amp; Implementation of VPKI (Providing Credential

Secure Vehicular Communication System: Design &amp; Implementation of VPKI (Providing Credential

Secure Vehicular Communication System: Design &amp; Implementation of VPKI (Providing Credential Management in a Secure VANET) Supervisor: MSc Thesis: Prof. Panos Papadimitratos Mohammad Khodaei LCN KTH October, 2012 1 / 38 Outline

519 views • 48 slides
Enforcing honesty of certification authorities: Tagged one-time signature schemes Bertram

Enforcing honesty of certification authorities: Tagged one-time signature schemes Bertram

Enforcing honesty of certification authorities: Tagged one-time signature schemes Bertram Poettering and Douglas Stebila Information Security Group Royal Holloway, University of London bertram.poettering@rhul.ac.uk Stanford, January 11, 2013

454 views • 41 slides
W3C Workshop on Next Steps for XML Signature and XML Encryption The importance of incorporating

W3C Workshop on Next Steps for XML Signature and XML Encryption The importance of incorporating

W3C Workshop on Next Steps for XML Signature and XML Encryption The importance of incorporating XAdES extensions into ongoing XML-Sig work Authors: Juan Carlos Cruellas Universitad Politcnica de Catalua cruellas@ac.upc.edu Giles

404 views • 29 slides
CS 528 Mobile and Ubiquitous Computing Lecture 6: Maps, Sensors, Widget Catalog and Presentations

CS 528 Mobile and Ubiquitous Computing Lecture 6: Maps, Sensors, Widget Catalog and Presentations

CS 528 Mobile and Ubiquitous Computing Lecture 6: Maps, Sensors, Widget Catalog and Presentations Emmanuel Agu Using Maps Introducing MapView and Map Activity MapView: UI widget that displays maps MapActivity: java class (extends

987 views • 74 slides
Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros

Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros

Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros Siva Sivabalan George Swallow Vishwas Manral Shaleen Saxena Sam Aldrin Michael Wildt Background The draft

329 views • 5 slides
Metaphor (and Metonymy) March 6, 2017 Next Assignments FST regression test suite FST

Metaphor (and Metonymy) March 6, 2017 Next Assignments FST regression test suite FST

Metaphor (and Metonymy) March 6, 2017 Next Assignments FST regression test suite FST Chat Bot Movie Scene/Narrative For Chat Bot and Movie Scene/Narrative, move beyond morpho-syntax (how language is formed) to look at how

667 views • 31 slides
Live Green Eric Frew and Sriram Sankaranarayanan University of Colorado, Boulder FMCAD18

Live Green Eric Frew and Sriram Sankaranarayanan University of Colorado, Boulder FMCAD18

Run-time Assurance for UAVs using Stochastic Modeling and Reachability Analysis Hansol Yoon, Yi Chou, Live Green Eric Frew and Sriram Sankaranarayanan University of Colorado, Boulder FMCAD18 Student Forum October 31, 2018 * Unmanned

479 views • 4 slides

More recommend