P1: JDW
PublicKey WL040/Bidgolio-Vol I WL040-Sample.cls June 19, 2003 16:56 Char Count= 0
POLICIES ANDPROCEDURES 163for the requesting, using, and handling of certificates and
keys. The CP asserts that this security policy shall be im-
plemented from certificate generation until its expiration
or revocation. It does not specify how the policy shall be
implemented. For example, a CP might state the follow-
ing: “All subscribers shall be authenticated in person by
an RA before a certificate is issued.” The CP excludes all
operational details, because these may evolve over time.
The CP should not identify the physical location of the CA
or the products used in the CA. By excluding these details,
the CP is a stable and high-level document. Multiple CAs
may operate under a single CP. This is often the case when
multiple CAs are maintained by a single enterprise, jointly
supporting a single community.
Different people will use the CP for different reasons.
For example, the CP will be used to guide the development
of the CPS for each CA that operates under its provisions.
CAs from other enterprise PKIs will review the CP before
cross-certification. Auditors and accreditors will use the
CP as the basis for their review of CA operations. Applica-
tion owners will review a CP to determine whether these
certificates are appropriate for their application.
The CPS is a highly detailed document that describes
how a particular CA implements a specific CP. The CPS
identifies the CP and specifies the mechanisms and proce-
dures that are used to achieve the security policy. The CPS
asserts that the specified products will be used in com-
bination with the specified procedures. The CPS might
state the following: “Users will receive their certificates
and smartcards from the RA after presenting the fol-
lowing credentials in person: (a) current driver’s license,
(b) work identification card, (c) blood sample, and (d) hair
sample.” A CPS includes sufficient operational details to
demonstrate that the CP can be satisfied by this combina-
tion of mechanisms and procedures.
Each CPS applies to a single CA. The CPS may be con-
sidered the overall operations manual for the CA. Specific
portions of the CPS may be extracted to form theCA Op-
erator’s Guide, RA Manual, PKI Users Guide,or other role-
specific documentation. Auditors and accreditors will use
the CPS to supplement the CP during their review of CA
operations. Note that a CPS does not need to be published.
The combination of a CP and the results of an accredita-
tion process should be sufficient for external parties.
RFC 2527 proposes an outline with eight major sec-
tions and 185 second- and third-level topics. RFC 2527
established an outline with the following major sections:Introduction
General Provisions
Identification and Authentication
Operational Requirements
Physical, Procedural, and Personnel Security Controls
Technical Security Controls
Certificate and CRL Profiles
Specification Administration
Privilege ManagementOrganizations seek improved access control. Public
key certificates can be used to authenticate the identity ofversionserial numbersignatureissuervalidityissuerUniqueIDextensionsattributesholderFigure 6: X.509 attribute certificate structure.a user, and this identity can be used as an input to access
control decision functions. In many contexts, however, the
identity is not the criterion used for access control deci-
sions. The access control decision may depend on role,
security clearance, group membership, or ability to pay.
Authorization information often has a shorter lifetime
than the binding of the subject identity and the public key.
Authorization information could be placed in a public key
certificate extension; however, this is not usually a good
strategy. First, the certificate is likely to be revoked be-
cause the authorization information needs to be updated.
Revoking and reissuing the public key certificate with up-
dated authorization information can be expensive. Sec-
ond, the CA that issues public key certificates is not likely
to be authoritative for the authorization information. This
results in additional steps for the CA to contact the author-
itative authorization information source.
The X.509attribute certificate(AC) binds attributes to
anAC holder. Because the AC does not contain a public
key, the AC is used in conjunction with a public key certi-
ficate. An access control function may make use of the
attributes in an AC, but it is not a replacement for au-
thentication. The public key certificate must first be used
to perform authentication, then the AC is used to associate
attributes with the authenticated identity.
ACs may also be used in the context of a data origin
authentication service and a non-repudiation service. In
these contexts, the attributes contained in the AC provide
additional information about the signing entity. This in-
formation can be used to make sure that the entity is au-
thorized to sign the data. This kind of checking depends
either on the context in which the data is exchanged or on
the data that has been digitally signed.
Figure 6 illustrates an attribute certificate for Alice.
This is a version 2 AC, and the AC holder is Alice. The AC
was issued by the Hawk DataAttribute Authority,and was
signed with DSA and SHA-1. The serial number is 4801,
and the AC is valid from 8 a.m. on April 2, 2002, until
noon that same day. The attributes indicate that Alice
is VPN administrator. The AC extensions indicate that
this certificate is targeted toward the Hawk VPN server,
and that revocation information is not available for this
certificate. ACs often have no revocation information.