Research On Authorization Policies And Path Processing In PMI

Along with the electronic government,the electronic commerce and the electronic finance activities are very frequent day by day in the era of information.It has not been able to satisfy the development demand of society that to realize the authentication and the authorized management in the PKI—the existing network complete safe solution.Therefore,privilege management infrastructure(PMI)is separated from the PKI,Its'purpose is that to build the general safe convenience foundational platform of the privilege manage for the entire PKI application system.Researched on the relevant tool and documents,the foundation test platform of the PMI is built,including the structure of authorization center AA server,the build of SQL2000 database,LDAP directory server combined to the identity authentication tool SASL in Linux platform.Authorization validation is among the most important works in PMI system,and that certificate path processing is the key job for the authorization validation.Referenced by the relevant theories about the PKC(public key certificate)path processing.The thesis brought forward an optimized schema of the attribute certificate path processing mechanism addition to a local database act as historv depository:The history depository is introduced to save the certificate chains information for the next time,which is proved to be validated last time.Special database can remedy the inadequacy of the buffer capability in some buffer mechanism schemas,it relieve the certificate path constructing burden of the validation server between oneself and the service applicant time after time.The paper put forward an algorithm of attribute certificate path processing as well as the design of the flow chart,the optimized mechanism performance analysis is presented,it prove to be good time performance.By building the experimental platform of the PMI,optimizing the certificate path processing mechanism design,researching the multi-system integration authorization policies,it lays the found~ion for a general safe efficient privilege management platform.