PAP (Policy Administration Point), 129
Passport (Microsoft). See also Liberty Alliance Project
attacks against, 191–193
cookie description, 189–190
cookies, user ID value in, 191
ForceLogin, Boolean value for, 190
key management, lack of, 188
login process, 188–191
malicious partner applications, 193
MSP Auth cookies in, 188
privacy in, 193–194
secret key exchange in, 188–189
SecureLevel, specifying, 191
and single sign-on, 54
TimeWindow value, checking, 190, 191
user authentication to Passport server, 191, 192
vs. Liberty Alliance Project, 226
PDP (Policy Decision Points)
authorization decision request to (SAML sample code), 135
and multiple PEPs, 129
and SAML, 35, 109, 110–111
and XACML architecture, 128–131
and XACML policy statement documents, 135
PEP (Policy Enforcement Points)
and authentication of PDP identity, 135
authorization decision query from (XACML), 130–131
rule enforcement by (XACML), 130
and SAML, 35, 109, 110–111
single vs. multiple, 129
(non)persistent authentication/integrity (ebXML), 256
persistent confidentiality, 53
persistent digital signature (ebXML), 256
persistent encryption, 84–85
persistent integrity (XML Signature), 75–76
persistent security, 51
industry specifications for, 52
persistent signed receipt (ebXML), 256
PGP (Pretty Good Privacy), 139. See also keys; PKI (Public Key Infrastructure)
“Ping of Death,” 38
PIP (Policy Information Point), in XACML, 129, 130
PKCS#7, 28, 53
canonicalization in, 70
intelligibility of (vs. XML Signature), 68
in S/MIME message (sample code), 66–67
use of ASN.1 in, 53, 68–69
PKI (Public Key Infrastructure), 138–139. See also keys; XML Signature; XKMS (XML Key Management Specification)
and authentication, 32–33
centralized trust management with, 142
certificates, Kohnfelder proposal for, 138
and client deployment complexity, 141–142
commonly cited infrastructures, 138–139
DNSSEC (Domain Name System Security), 139
five functional points about, 139–140
functional description of, 29–31, 138–139
and PGP (Pretty Good Privacy), 139
PKIs, ease of coding, 141
PKIX (Public Key Infrastructure X.509), 138
and private key recovery, 157–158
SPKI (Simple Public Key Infrastructure), 139
X.509 certificates, 138
XKMS, difficulties/advantages of implementing, 140
XKMS 1.0 and XKMS 2.0, 138
and XML Key Management Specification (XKMS), 55
PKIX (Public Key Infrastructure X.509), 138. See also keys; PKI (Public Key Infrastructure)
policy, XACML
metapolicy in, 128
PIP (Policy Information Point), 129, 130
policy statement documents, integrity of, 135
policyStatement in, 125–128
PRP (Policy Retrieval Point), 129
portable trust, 54
principal, 205
privacy, 36. See also encryption; keys
and Passport, 193–194
PGP (Pretty Good Privacy), 139
rule variation by country, 36
WS-Privacy (in WS-Security), 169
and XACML, 136
Protocol Profile, 211
Provider, 205
Provider ID, 211
ProviderID, 206, 217, 224
ProviderSuccinctID, 205
PRP (Policy Retrieval Point), in XACML, 129