BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2009-650
ENTRY:: June 06, 2009
ORGANIZATION:: Dartmouth College, Computer Science
REQUESTED-BY:: sws@cs.dartmouth.edu
REQUESTED-FOR:: gweave01@cs
REQUESTED-DATE:: Fri Jun 5 10:21:15 EDT 2009
TITLE:: A Computational Framework for Certificate Policy Operations
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Weaver, Gabriel A.
AUTHOR:: Rea, Scott
AUTHOR:: Smith, Sean W.
DATE:: June 2009
RETRIEVAL:: For a paper copy, email
RETRIEVAL:: For a paper copy, write to Technical Report Librarian, Department of Computer Science, Dartmouth College, 6211 Sudikoff Laboratory, Hanover, NH 03755-3510, USA
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2009-650.pdf
ABSTRACT:: The trustworthiness of any Public Key Infrastructure (PKI) rests upon the expectations for trust, and the degree to which those expectations are met. Policies, whether implicit as in PGP and SDSI/SPKI or explicitly required as in X.509, document expectations for trust in a PKI. The widespread use of X.509 in the context of global e-Science infrastructures, financial institutions, and the U.S. Federal government demands efficient, transparent, and reproducible policy decisions. Since current manual processes fall short of these goals, we designed, built, and tested computational tools to process the citation schemes of X.509 certificate policies defined in RFC 2527 and RFC 3647. Our PKI Policy Repository, PolicyBuilder, and PolicyReporter improve the consistency of certificate policy operations as actually practiced in compliance audits, grid accreditation, and policy mapping for bridging PKIs. Anecdotal and experimental evaluation of our tools on real-world tasks establishes their actual utility and suggests how machine-actionable policy might empower individuals to make informed trust decisions in the future.
END:: ncstrl.dartmouthcs//TR2009-650