Format: PDF, pages: 47, size: 2.73 MB

ETSI TR 102 044-2002 Electronic Signatures and Infrastructures (ESI) Requirements for Role and Attribute Certificates (V1 1 1).pdf

ETSI TR 102 044 V1.1.1 (2002-12)
Technical Report

Electronic Signatures and Infrastructures (ESI);
Requirements for role and attribute certificates

Reference
DTR/ESI-000005

Keywords
electronic signature, security

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret No 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-préfecture de Grasse (06) No 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, send your comment to:

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2002. All rights reserved.

DECT™, PLUGTESTS™ and UMTS™ are Trade Marks of ETSI registered for the benefit of its Members. TIPHON™ and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

Contents

Intellectual Property Rights
Foreword
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Implications from the requirements of the Directive
5 European surveys
5.1 Personnel certification
5.2 Currently implemented attribute certificate usage
6 Various kinds of attributes
6.1 Group memberships
6.2 Roles
6.3 Other authorization information
6.3.1 Proxies
6.3.2 Capabilities
7 Claimed and certified attributes
7.1 Claimed attributes
7.2 Certified Attributes
7.2.1 The Attribute Issuing Authority
7.2.2 Directly certified attributes
7.2.3 Verified attributes
8 Attribute meaning and representation
8.1 Attribute meaning
8.2 Attribute represen…
8.2.1 Group membership
8.2.2 Role
9 Other Attribute characteristics
   Attribute life span
   Attribute certific…
   Attribute certific…
   Attribute revocati…
   …cate revocation
   Attribute privacy
   Ways to acquire attribute
   Delegable attributes
10 Placement of attributes in certificates
10.1 Using Public Key Certificates
10.2 Using Attribute Certificates
11 Attribute Certificates management
11.1 Attribute verification by the ACA
11.2 Link with a PKC
11.3 Attribute Certific…cation management
11.4 Attribute Certificate acquisition
11.5 Attribute delegation management
12 Recommendations
12.1 Requirements for Attribute Certificate Policies
12.1.1 Requirements for ACAs
12.1.2 Requirements for AAs
12.2 Definition of cross-European roles
12.3 Attribute Certificate Profile for Electronic Signatures
12.4 Attribute Certificate Acquisition Protocol
12.5 Criteria for using PKCs or ACs
Annex A: Attribute syntax in ASN.1
Annex B: Guidelines for the certification of roles in subscription certificates
Annex C: Bibliography
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server.

All published ETSI deliverables shall include information which directs the reader to the above source of information.

Foreword

This Technical Report (TR) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI).

The objective of the present document is to identify a set of requirements that will provide a basis on which a subsequent standard can build policy requirements for attributes certified by Attribute Authorities or Certification Authorities either in a subject's PKCs (Public Key Certificates) or in ACs (Attribute Certificates).

By attribute is meant a person's qualification that entitles him/her to exert specific functions, e.g. CEO from company AAA, doctor in medicine from country BBB, barrister from country CCC, sales director from company DDD, etc. or obtain some privileges, e.g. member from Golf Club EEE, etc.

A survey has been made on potential usages of attributes and the outcome has been that very little attribute usage currently exists, so very little (if any) experience can be drawn from the real world. Therefore the present document is based both on the little information received and the best assumptions that could be made on that topic.

When no distinction is to be made between an Attribute Authority and a Certification Authority, the generic term Attribute Certification Authority (ACA) is used.

The findings of the present document are intended mainly for the support of electronic signatures, but nothing prevents them from being used for other reasons, e.g. for authorization.

1 Scope

The present document identifies a set of requirements that will provide a basis for a subsequent standard, which will then build policy requirements for attributes certified by Attribute Authorities or Certification Authorities complying with [4] and related standards.

In some electronic signature applications, roles and attributes can be exerted only if a claimer's right to use them is certified by one competent authority which is trusted by the signed document users.

The scope of the present document is to investigate the attribute certification related topics in order to cover the general use of certified attributes in the context of electronic signatures. Attributes that can be used in such a context can also be used for other reasons, e.g. for authorization.

2 References

For the purposes of this Technical Report (TR), the following references apply:

[1] ETSI TS 101 733: "Electronic Signatures and Infrastructures (ESI); Electronic Signature Formats".
[2] ETSI TR 102 041: "Signature Policies Report".
[3] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
[4] ISO/IEC 9594-8 (2001): "Information technology; Open Systems Interconnection; The Directory: Public-key and attribute certificate frameworks".
[5] IETF RFC 3280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", R. Housley, W. Ford, W. Polk, D. Solo, April 2002.
[6] IETF RFC 3039: "Internet X.509 Public Key Infrastructure Qualified Certificates Profile", S. Santesson, W. Polk, P. Barzin, M. Nystrom, January 2001.
[7] ITU-T Recommendation X.520: "Information technology; Open Systems Interconnection; The Directory: Selected attribute types".
[8] IETF RFC 3281: "An Internet Attribute Certificate Profile for Authorization", S. Farrell, R. Housley, April 2002.
[9] EN 45013: "General criteria for certification bodies operating certification of personnel".
[10] ISO/IEC FDIS 17024 (2002): "Conformity assessment; General requirements for bodies operating certification of persons" draft.
[11] EAC/G4: "Guidelines on the Application of EN 45013", issued in September 1995 by the European Accreditation of Certification.
[12] ETSI TS 101 862: "Qualified certificate profile".
[13] ISO/IEC 9594-6: "Information technology; Open Systems Interconnection; The Directory: Selected attribute types".

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

attribute: information bound to an entity that specifies a characteristic of an entity, such as a group membership or a role, or other information associated with that entity

Attribute Authority (AA): authority trusted by one or more users to create and sign attribute certificates
NOTE: It is important to note that the AA is responsible for the attribute certificates during their whole lifetime, not just when registering them.

Attribute Certificate (AC): data structure containing a set of attributes for an end-entity and some other information, which is digitally signed with the private key of the AA which issued it

Attribute Certificate Policy (ACP): named set of rules that indicates the applicability of an attribute certificate to a particular community and/or class of application with common security requirements or which indicates basic rules for registering, delivering and revoking attributes contained in certificates

Attribute Certification Authority (ACA): authority trusted to include attributes in either PKCs or ACs

Attribute Certificate validity period: the time period during which the attributes included in an attribute certificate are deemed to be valid

Attribute certification period: the time period during which ACs including a given attribute will effectively be provided by the AA

Attribute Certification Practice Statement (ACPS): statement of the practices that an Attribute Certification Authority employs in issuing certificates

authoritative Attribute Issuing Authority (AIA): the authoritative source of an attribute

certificate: either an Attribute Certificate or a Public Key Certificate
NOTE: Where no distinction is made, it should be assumed from the context that the term could apply to both an Attribute Certificate and a Public Key Certificate.

Certification Authority (CA): authority trusted by one or more users to create and assign public key certificates

group membership: state of being a member of a group, e.g. a club, a company, an organization, an organization branch or a project

Privilege Management Infrastructure (PMI): the infrastructure able to support the management of privileges in support of a comprehensive authorization service and in relationship with a Public Key Infrastructure

Public Key Certificate (PKC): data structure containing the public key of an end-entity and some other information, which is digitally signed with the private key of the CA which issued it

Qualified Certificate (QC): Public Key Certificate that conforms to annex I from the Directive 1999/93/EC and that is issued by a Certification Authority that conforms to the requirements from annex II from the same Directive
NOTE: See [3].

role: function, position or status that somebody has in an organization, in society or in a relationship

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

AA      Attribute Authority
AC      Attribute Certificate
ACA     Attribute Certification Authority
ACP     Attribute Certificate Policy
ACPS    Attribute Certification Practice Statement
AIA     Attribute Issuing Authority
ASN.1   Abstract Syntax Notation 1
CA      Certification Authority
EESSI   European Electronic Signature Standardization Initiative
OID     Object IDentifier
PKC     Public Key Certificate
PKI     Public Key Infrastructure
PMI     Privilege Management Infrastructure
QC      Qualified Certificate

4 Implications from the requirements of the Directive

Directive [3] article 2(3), which states that "signatory means a person who ... acts either on his own behalf or on behalf of the natural or legal person or entity he represents", introduces the need to define under which role subjects sign.

Directive [3], annex I specifies that: "Qualified certificates must contain (...) ... (d) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended".

The previously quoted annex I (d) of the Directive [3] clearly lays down the possibility to include "attributes" in a QC (Qualified Certificate). This provides sufficient legal support to adopt QCs to specify Attributes, where deemed useful and applicable. This can be achieved by inserting them in the "title" field within the subjectDirectoryAttribute extension defined in ISO/IEC 9594-8 [4], as per IETF RFC 3039 [6].

It is to be noted that, although article 6(3), (4) and annex I (i), (j) of the Directive [3] also explicitly provide for the possibility to specify "limitation to the value of a transaction" and "limitations of use" in a QC, such data, which might be thought of as signer's "attributes", have their natural location respectively in the field "QcEuLimitValue", defined in TS 101 862 [12], and in the extensions keyUsage and extendedKeyUsage, defined in ISO/IEC 9594-8 [4].

On the other hand, as per the QC requirements stated in Directive [3] annex I, a QC must hold the signature verification data (letter e), so an Attribute Certificate cannot be a QC, since it bears no public key.

The following Directive [3] provisions are worth noting.

1) As per article 6(1), liabilities apply on the issuing QC CSP, namely "as regards the accuracy at the time of issuance of all information contained in the qualified certificate ...", which includes "provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended", as per annex I, letter (d). Annex II, letter (l), 3rd bullet requires that a QC may be publicly available only upon the subject's consent. This requirement must be taken into account also when issuing attribute-specifying QCs.

2) Directive annex II (d) also puts a clear onus on the QC issuing certification service providers that specify subjects' Attributes: "verify, by appropriate means in accordance with national law, the identity and, if applicable, any specific attributes of the person to which a qualified certificate is issued".

From the previous Directive excerpts it is clear that specific requirements are to be met by any authority that certifies any kind of attribute. If this authority is the same CA that issues PKCs certifying attributes, e.g. through the subjectDirectoryAttribute extension, then the Certificate Policy shall be enriched with additional requirements related to attribute Certif
