A new approach to the X.509 framework: allowing a global authentication infrastructure without a global trust model

摘要

Isolated network are currently being integrated in order to create a universal and virtual inter-network. In this context, the existence of a common authentication infrastructure is extremely important. CCITT Recommendation X.509 defines a public key-based "Authentication Framework" in which the Directory Service can be used to provide key management facilities for open applications. We propose a new approach to X.509 comprising a modular reorganization of the overall system and mechanisms allowing the realization of a global infrastructure for the deployment of authentication-based secure services. These mechanisms aim to complete the X.509 framework so as to rectify some open issues of the approach in order to allow the support of a multitude of trust models while respecting each security domain's certificates validation criteria. We first discuss aspects related to authentication data retrieval and validation with respect to X.509. Then we give an overview of the overall approach, and emphasize its more relevant aspects and mechanisms while describing the applicability of our approach with respect to security architectures and current trust models. Finally, we conclude the paper describing the applicability of our approach in a open and heterogeneous environment.