Public Key Infrastructure (PKI)
On this page you'll find a list of our Public Key Infrastructure
(PKI) whitepapers.
Identity Management: Is Directory Inside or Outside?
The role of directory varies considerably in different Identity Management
solutions. These include systems where directory is a central and
highly visible component, systems where directory is used but is
not really visible, and systems that do not use directory. This paper
examines the role of directory in Identity Management, with particular
focus on functionality where an externally visible directory can play
a part.
Federated Identity, Distributed PKI and Smart Cards
This paper considers authentication systems based on smart cards,
where the smart cards will be issued by many organizations, and authentication
must work at any location. An important example of this type of deployment
is the US Government's planned deployment in support of HSPD (Homeland
Security Presidential Directive) 12.
Directory Signed Operations
Directory signed operations are often requested
or mandated as part of Military ACP 133 Directory or other directory
services with high security requirements. This paper explains what
directory signed operations are, the benefits they provide, and situations
where it makes sense to require their use.
Easy Setup of Strong Authentication
In order to gain the overall administrative "win" from choosing
strong authentication, it is critical to make the setup of keys and
certificates very easy, which in turn leads to the requirement to
make Certification Authority interaction easy. This paper looks
at how to achieve this goal, and Isode's approach to the problem.
Why Strong Authentication for Directory?
LDAP and the X.500 directory protocols can all use strong authentication
based on X.509 PKI (Public Key Infrastructure). This paper looks at
the benefits and issues in using strong authentication for directory.
It considers security threats to directory and looks at how strong
authentication can be used to address these threats. It also looks
at administrative benefits and drawbacks. This paper argues that strong
authentication should be used wherever possible for server-to-server
communication, and for administrator access.
Why Strong Authentication? – The Security and Administrative Benefits of using X.509 PKI based Strong Authentication
Strong authentication based on X.509 PKI (Public Key Infrastructure)
is available in a number of protocols and has both security and
administrative benefits and drawbacks. This paper looks at the security
and administrative benefits (and drawbacks) of using strong authentication.
This paper looks at generic issues that apply to many applications
and protocols using strong authentication. Future white papers will
look at specific applications of strong authentication.
Distributed Directory in support of Large Scale PKI
This paper looks at the uses of directory made by a PKI (Public Key
Infrastructure) system and PKI-enabled applications. It defines requirements
in terms of directory and then looks at how directory can be used
to meet these requirements, and the implications for provision of a distributed
directory.
Distributed Directory in support of Large Scale PKI: Supporting Government Departments
In a previous white paper on Distributed Directory and PKI we took
a "top level" view, and focused particularly on the relationship
between departments and what is needed to be supported in the middle.
This follow-on paper takes a departmental view, and looks at
what a department will realistically need to do in order to provide
a directory service that will integrate into the complete system.
Whilst this white paper takes a generic approach, the models set out
are written in light of the requirements of US Government departments
that need to conform to Homeland Security Policy Directive 12 (HSPD12)
and will interconnect using the Federal Bridge as part of the US Federal
PKI.