- Akenti (AKA the Akenti policy engine): An independent software module that identifies all use-conditions associated with a resource, searches for the corresponding user attributes, and verifies that a potential user fulfills the use-conditions.
- attribute: A characteristic of a person or other identifiable entity. An attribute usually fulfills a use-condition in Akenti. Stakeholders most commonly impose the use-condition that a user must belong to a particular group. A potential user would have to demonstrate group membership by obtaining an attribute certificate to that effect.
- attribute certificate: A certificate that asserts something about its subject, namely, that the subject possesses the named attribute. An attribute certificate usually applies to a particular use-condition. Although no such use-condition need exist, an attribute certificate without a corresponding use-condition is useless in Akenti. An attribute certificate allows a user attribute certifier to provide a user characteristic that matches a use-condition in a natural and convenient way.
- authenticate: To verify the identity of another party in a communication.
- capability: The combination of a verified user identity, an assured access control decision, and a list of permitted actions, provided by Akenti to the application (or its agent). The application uses a capability to control specific user actions and to set up a secure communication channel between the user and resource.
- CA: Abbreviation for certificate authority.
- certificate: A document that has been digitally signed by a trusted party. In the Akenti system, a certificate may assert identity (identity certificate), attest to an attribute of a subject (attribute certificate), or state a condition to be met (use-condition certificate).
- certification authority (AKA certificate authority): An entity trusted to "vouch" for the identity of a subject. In a public key infrastructure, a certificate authority signs an identity certificate for the subject. Abbreviation: CA. See also subject, identity certificate.
- CN: Abbreviation for common name.
- common name: A person's given name, e.g., Mary R. Thompson. See also distinguished name.
- distinguished name: The identifier associated with an entity (e.g., a person) in the ISO X.500 Directory. The distinguished name's format is not defined in the LDAP specification (see the references section for a link to the current protocol specification), but conventionally it is a representation of the entity's position in a hierarchy, such as that formed by a person's country, organization, and organizational unit, together with the person's common name. Abbreviation: DN. See also common name, Lightweight Directory Access Protocol.
- DN: Abbreviation for distinguished name.
- identity certificate: ISO X.509-standard format certificate used within a certificate authority infrastructure for identifying and authenticating an entity, typically a person. An identity certificate is issued by a certificate authority (CA). It contains the name of the issuer (the CA), the distinguished name of the subject, a validity period, the signature algorithm that is used, the public key of the subject, and the signature of the CA. Many extensions are defined by version 3 of the X.509 standard. See http://www-itg.lbl.gov/security/Akenti/docs/IdentityCert.html for an example of an identity certificate issued by the Netscape CA.
- LDAP: Abbreviation for the Lightweight Directory Access Protocol.
- Lightweight Directory Access Protocol: A protocol "designed to provide access to the X.500 Directory while not incurring the resource requirements of the Directory Access Protocol" [RFC 2559]. In other words, the Lightweight Directory Access Protocol (LDAP) is used to communicate with the ISO/OSI directory service. Broadly defined, a directory is a "special purpose [database], usually containing typed information." An example of an Internet-based directory is the Domain Name Service (DNS). A directory accessed via LDAP, however, can contain any kind of information, unlike the special-purpose DNS directory. We refer to a directory accessible via LDAP as an LDAP server. An LDAP server is used as a Registration Agent (RA) by the Netscape CA. All valid certificates are entered into an associated LDAP server, and are removed when they are revoked. Thus one can check whether a certificate has been revoked by looking it up in the CA's LDAP server; if it is not found, it is assumed to have been revoked.
- policy certificate: A certificate stored with the resource that specifies who may create use-conditions for the resource and where the use-conditions are stored. It may also include the list of acceptable CAs to verify user identities.
- resource: That which Akenti protects. Examples of currently protected resources, or resources to be protected in the future, include Web pages, scientific instruments, and premium network bandwidth.
- Secure Sockets Layer protocol: A network protocol that allows the two ends of a unicast communication link to authenticate one another and to establish an encrypted connection. Akenti and most other SSL-enabled applications use SSL version 3. Abbreviation: SSL. See also Transport Layer Security protocol.
- SSL: Abbreviation for the Secure Sockets Layer protocol.
- stakeholder: A party with authority to grant access to a resource. Stakeholders express their interest in the resource via use-conditions.
- subject: The identifiable entity to which a certificate applies. In the Akenti system, a subject is usually a human being or a resource.
- TLS: Abbreviation for the Transport Layer Security protocol.
- Transport Layer Security protocol: The IETF's adaptation of SSL version 3. The IETF's Transport Layer Security working group is in charge of the standardization process. Abbreviation: TLS.
- use-condition: A stakeholder's requirement that a potential user must fulfill (by producing a corresponding attribute) before being allowed to access or to use a resource.
- use-condition certificate: A certificate that states a requirement that a user must meet to be granted access to the resource. A use-condition certificate allows a stakeholder to impose its use-condition in a natural and convenient way, by representing the use-condition as a certificate that is generated, maintained, and distributed in the stakeholder's local (working) environment.
- X.509: The ISO authentication framework.
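The following is an added example, not Akenti's own code, showing how the entries above (policy certificate, use-condition certificate, attribute certificate, identity certificate, capability, and the LDAP revocation lookup) fit together in one access decision. Everything in it is hypothetical: the record types, the policy fields, the names, the in-memory dict standing in for the CA's LDAP server, and the rule that every stakeholder-signed use-condition must be fulfilled. Signatures are modelled only as the issuer name on each record, so no cryptographic verification is performed here.

```python
"""Toy model of an Akenti-style access decision (hypothetical illustration).

Certificates are plain records; a "signature" is just the issuer name on the
record, so the real cryptographic checks are out of scope for this model.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Set, Tuple


@dataclass(frozen=True)
class IdentityCert:
    subject: str   # distinguished name of the user
    issuer: str    # CA that signed the certificate


@dataclass(frozen=True)
class AttributeCert:
    subject: str    # DN the attribute is asserted about
    issuer: str     # attribute certifier that signed it
    attribute: str  # e.g. "group"
    value: str      # e.g. "beamline-ops"


@dataclass(frozen=True)
class UseConditionCert:
    issuer: str               # stakeholder that signed it
    attribute: str
    value: str
    actions: Tuple[str, ...]  # actions permitted once the condition is met


@dataclass(frozen=True)
class PolicyCert:
    resource: str
    trusted_cas: Set[str]           # acceptable CAs for user identities
    stakeholders: Set[str]          # who may create use-conditions
    attribute_certifiers: Set[str]  # whose attribute certificates are accepted


@dataclass(frozen=True)
class Capability:
    subject: str
    resource: str
    actions: Tuple[str, ...]


def is_revoked(cert: IdentityCert, ca_directory: Dict[str, Set[str]]) -> bool:
    """Simulated LDAP lookup: the directory is an in-memory dict mapping a CA to
    the subjects of its valid certificates. A certificate that is not found is
    treated as revoked, the fail-closed rule the glossary describes."""
    return cert.subject not in ca_directory.get(cert.issuer, set())


def decide(policy: PolicyCert, identity: IdentityCert,
           attrs: Sequence[AttributeCert], use_conds: Sequence[UseConditionCert],
           ca_directory: Dict[str, Set[str]]) -> Optional[Capability]:
    """Return a Capability if the user fulfils every use-condition, else None."""
    # 1. The identity must come from an acceptable CA and must not be revoked.
    if identity.issuer not in policy.trusted_cas or is_revoked(identity, ca_directory):
        return None
    # 2. Only use-conditions signed by a stakeholder named in the policy count.
    valid_ucs = [uc for uc in use_conds if uc.issuer in policy.stakeholders]
    if not valid_ucs:
        return None  # nobody with authority has granted anything
    # 3. Only attributes about this subject from an accepted certifier count;
    #    an attribute with no matching use-condition is simply never consulted.
    held = {(a.attribute, a.value) for a in attrs
            if a.subject == identity.subject and a.issuer in policy.attribute_certifiers}
    # 4. Every valid use-condition must be fulfilled (a simplifying assumption
    #    of this model); the permitted actions are collected in order.
    actions: List[str] = []
    for uc in valid_ucs:
        if (uc.attribute, uc.value) not in held:
            return None
        for act in uc.actions:
            if act not in actions:
                actions.append(act)
    return Capability(identity.subject, policy.resource, tuple(actions))


# Constructed sample data; none of these names refer to a real deployment.
POLICY = PolicyCert(
    resource="https://example.test/beamline-status",
    trusted_cas={"CN=Example Lab CA"},
    stakeholders={"CN=Beamline Manager"},
    attribute_certifiers={"CN=Group Registrar"},
)
CA_DIRECTORY = {"CN=Example Lab CA": {"CN=Mary Example", "CN=Pat Example"}}
USE_CONDS = [UseConditionCert("CN=Beamline Manager", "group", "beamline-ops",
                              ("read", "control"))]


def demo(subject: str, attr_issuer: str) -> Optional[Capability]:
    """Decide for a constructed user whose group attribute was signed by attr_issuer."""
    user = IdentityCert(subject, "CN=Example Lab CA")
    attrs = [AttributeCert(subject, attr_issuer, "group", "beamline-ops")]
    return decide(POLICY, user, attrs, USE_CONDS, CA_DIRECTORY)


if __name__ == "__main__":
    print(demo("CN=Mary Example", "CN=Group Registrar"))  # capability with read, control
    print(demo("CN=Eve Example", "CN=Group Registrar"))   # None: absent from CA directory, so treated as revoked
    print(demo("CN=Pat Example", "CN=Pat Example"))       # None: self-asserted attribute is not accepted
```

The three calls in the `__main__` block show the decision that matters for a defender: the only path to a capability runs through an identity from a CA the policy lists, a directory lookup that succeeds, and an attribute signed by a certifier the policy accepts; a missing directory entry or a self-signed attribute both fail closed.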