Web-based authorization based on X.509 Privilege Management Infrastructure

The access control to resources is bound up with the authentication and the authorization. The methods used up tin now are quite static and maintain the information centralized with some important scalability problems. In addition, they do not take advantage of public key cryptography for the authorization. In order to overcome these disadvantages the IT UT X.509 Recommendation defines a framework for authentication (PKI, Public Key Infrastructure, based on identity certificates) and authorization (PMI, Privilege Management Infrastructure, based on attribute certificate). This paper presents an implementation of an authorization system for web based applications based on the ITU-T X.509 Recommendation. For compatibility with web clients and servers, the credentials are transmitted using a standard web communications protocol, such as https. The goal of our system is that is easy-to-use, X.509 compatible and a standard web browser can be used as a client.