Privacy Server Protocol Project
Non-Repudiation. Every agreement will have a self-signed X.509 certificate from each party that signs the agreement. This proves that both parties have accepted the agreement in a way that neither party can deny or repudiate. The agreement is a single XML PolicyRef text stream. This PSP-type Signing Certificate from each Signee is required to contain
In addition, agreement on the required Credentials is reached as part of the negotiation and embedded in the XML (P3P extensions). A credential is at minimum one certificate, although it may include one or more chains of certificates:
Thus, by confirming that the two public keys are the same, the Signee can be authenticated to be who he represents himself to be. Note that this credential certificate is not tied to a particular agreement and can be obtained once and reused. The type of this certificate is not restricted, except that both parties to the negotiation must agree on its form. Thus, PSP supports any type of legal or non-legal authentication employed with X.509 certificates.

A credential may also contain Agency information. Credentials can be negotiated and supplied to confirm that either the User Agent or the Server Agent is acting on behalf of another Agent. This is done by providing a certificate signed by the original agent that wishes to be bound by the agreement. Authentication and Agency can be provided in one credential set, since the Root Certification Authority may authenticate "A" and "A" may grant agency to "B", who then negotiates on behalf of "A".

The signing certificates and the credentials are appended to the XML policy.
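The public-key comparison described above can be sketched in Go as follows. This is an added example, not code from the PSP project: it assumes the two keys compared are those of the Signee's self-signed signing certificate and of the credential certificate, and the names `AuthenticateSignee`, `issue` and `newKey`, the Ed25519 keys and the single agreed root are all hypothetical choices made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed fixtures: fixed-seed keys and throwaway certificates (parent == nil means self-signed).
func newKey(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) }
func issue(cn string, isCA bool, subject ed25519.PrivateKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		IsCA: isCA, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, subject.Public(), signer)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert
}

// AuthenticateSignee (hypothetical name) accepts a Signee only if all three checks below pass.
func AuthenticateSignee(signing, credential, root *x509.Certificate) error {
	if err := signing.CheckSignature(signing.SignatureAlgorithm, signing.RawTBSCertificate, signing.Signature); err != nil {
		return fmt.Errorf("signing certificate is not self-signed: %w", err) // 1: signed with its own key
	}
	pool := x509.NewCertPool() // assumption: the parties agreed on exactly one root
	pool.AddCert(root)
	if _, err := credential.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("credential does not chain to the agreed root: %w", err) // 2: credential is trusted
	}
	if !bytes.Equal(signing.RawSubjectPublicKeyInfo, credential.RawSubjectPublicKeyInfo) {
		return fmt.Errorf("signing key differs from the credential key") // 3: the two public keys match
	}
	return nil
}

func main() {
	ca, alice := newKey(1), newKey(2)
	root := issue("Constructed Root CA", true, ca, nil, ca)
	fmt.Println(AuthenticateSignee(issue("Alice", false, alice, nil, alice), issue("Alice", false, alice, root, ca), root))
}
```

Comparing the DER-encoded SubjectPublicKeyInfo keeps the check independent of key type, which fits the page's point that the form of the credential certificate is left to negotiation. Verifying the XML signature over the PolicyRef itself is outside this sketch.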
Questions or problems regarding this web site should be directed to rht@cs.cmu.edu.