Flow of information between a publisher’s server and a user’s computer in using digital certificates:
a. The client attempts access to a controlled resource from a publisher, such as a database or digital library, usually through a Web interface.
b. The publisher’s server asks the client to present a certificate.
c. The client presents a certificate, and the publisher’s server verifies that the certificate
• is issued by a recognized certificate authority,
• asserts that the holder is a member of a licensed institution, and
• has not been revoked.
d. The publisher extracts a URL from the certificate, which provides the means to retrieve from the campus or library additional information (attributes) needed for authorization decisions.
e. The publisher then connects to the specified attribute server using the prescribed secure protocol, presenting its own X.509 certificate to establish the secure connection. The attribute server verifies that the publisher’s certificate is valid and uses the publisher’s identity to determine access permissions from the information in the directory service.
f. The attribute server executes the query. The result of the query is presumed to be a list of attribute name-value pairs, including the service type or access authorized for the individual. The list of results is returned to the publisher.
g. The publisher looks at the value(s) of the “ServiceClass” attribute. If at least one value is valid for the publisher and service requested, the user is granted access. The precise access rights may depend on the ServiceClass attribute value(s), the institution to which the individual belongs, and other factors (e.g., number of current users).
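The publisher-side decision in steps c through g, as an added example that is not part of the original post or of the CREN/DLF architecture document. X.509 parsing, TLS and the real attribute protocol are replaced by constructed in-memory stand-ins (the CA names, serials, URL and attribute values are all made up) so the checks and their failure modes can be run offline.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-ins: parsed certificate fields, trust anchors, revocation
# data and an attribute server (real deployments parse X.509 and use TLS).
TRUSTED_CAS = {"CN=Example Campus CA"}      # step c: recognized CAs
REVOKED_SERIALS = {"0x1f"}                   # step c: revocation data
PUBLISHER = "publisher.example"              # identity in the publisher's own cert
ACCEPTED_CLASSES = {"faculty", "student"}    # ServiceClass values this publisher honours

@dataclass
class ClientCert:
    serial: str
    issuer: str
    licensed_member: bool            # asserts holder belongs to a licensed institution
    attribute_url: Optional[str]     # step d: URL of the campus attribute server

# Constructed attribute server: which publishers it answers, and the
# name-value attribute list it returns for this holder.
ATTRIBUTE_SERVERS = {
    "https://attrs.campus.example/q": {
        "allowed_publishers": {"publisher.example"},
        "attributes": [("ServiceClass", "faculty"), ("ServiceClass", "alumni")],
    },
}

def query_attribute_server(url: str, publisher: str) -> Optional[List[Tuple[str, str]]]:
    """Steps e-f: the server checks the publisher's identity before answering."""
    server = ATTRIBUTE_SERVERS.get(url)
    if server is None or publisher not in server["allowed_publishers"]:
        return None
    return server["attributes"]

def authorize(cert: ClientCert) -> Tuple[bool, str]:
    """Steps c-g from the publisher's side; returns (granted, reason)."""
    if cert.issuer not in TRUSTED_CAS:
        return False, "issuer is not a recognized CA"
    if not cert.licensed_member:
        return False, "holder is not a member of a licensed institution"
    if cert.serial in REVOKED_SERIALS:
        return False, "certificate has been revoked"
    if not cert.attribute_url:
        return False, "certificate carries no attribute-server URL"
    attrs = query_attribute_server(cert.attribute_url, PUBLISHER)
    if attrs is None:
        return False, "attribute server refused the publisher"
    valid = {v for k, v in attrs if k == "ServiceClass"} & ACCEPTED_CLASSES
    if valid:
        return True, "granted via ServiceClass " + ",".join(sorted(valid))
    return False, "no ServiceClass value valid for this publisher"
```

Each early return corresponds to one check in the flow, so a denied request reports which step refused it.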
References:
http://www.diglib.org/architectures/cren-dlf.pdf
1 comment:
By knowing all these events, it seems that the concept of digital certificates is clearer to me. The flow of information helped me to learn about the significance of digital certificates. Thanks.