Fonkey Project Update: Target Applications

TechSec WG, RIPE-45, May 14, 2003
Yuri Demchenko
(Slide footer: May 14, 2003. RIPE-45, Barcelona)

Outline
- Fonkey Project Status
- Design issues
- Target applications
Fonkey Project Status
- Fonkey (former Donkey) Project at NLnet Labs - http://www.nlnetlabs.nl/fonkey/
  - A system to distribute cryptographic keys and reference/attribute information bound together by a digital signature
  - Intended to serve as a form of identification
- Project status
  - Current stage: definition and pilot implementation of basic client-storage functionality, including
    - Package format
    - Simple query language
    - Publish, retrieve and search protocols
  - Demo available mid June
  - Next stage: p2p network infrastructure and the related protocol and data format issues

What is Fonkey: Fonkey functionality
- Fonkey allows anyone to publish a named key, together with optional data (a Fonkey package)
  - Fonkey is NOT permanent storage: a key must be republished to remain available
  - Fonkey does NOT define a policy for key/payload usage
    - This is an application-specific function
- Fonkey allows anyone to search for a published key, based on the key's name (required) and its signers (optional)
- Fonkey allows anyone to sign a published key

Design issues: Package structure
- Type: type of Package (Key | Named | Signature)
- Key: Owner's public key
- Properties: a set of name/value pairs
  - Serve the control/status and identification function
- Payload: application-specific content and format
  - May include a specific format definition (e.g., an embedded XML Schema)
- Signatures: signatures used to ensure the integrity and identity of the Package
  - Signed by the Owner's private key
  - Signed by others
Design issues: Types of Package
- Generic Package structure: {Type, Public Key, Properties, Payload, Signature}
- Key Package: like the generic package
  - Unique ID is defined by the Public Key
  - Located by Public Key attributes/info
- Named Package: adds a Name field to the generic package
  - Unique ID is defined by Name and Key
  - Located by Name
- Signature Package: adds Subject (the ID of the package signed by this Signature) and References (to the signed parts/portions)
  - Unique ID is defined by Public Key and Subject
  - Located by the (Subject, Public Key) pair

Design issues: More information
- Package format
  - Currently a Python data object format is used as the internal format, with an XML-based exchange format
  - Prospectively an internal XML format and an XML protocol
- More information: Fonkey Project Overview, http://www.nlnetlabs.nl/donkey/donkey-overview.pdf

Fonkey Target Applications
- Fonkey is kept as simple as possible to create an easily deployable infrastructure
- Analysis of the target applications' requirements allows defining specific requirements and the necessary extensions to the generic/basic functionality
- Applications under discussion
  - PGP Keyserver with extended payload
  - Privilege Storage (bound to a PK-based identity)
  - Identity Server for Liberty Project applications (under discussion)
- Other applications
  - Location Server for IIDS
  - Client applications requiring XMLSig functionality, e.g. a WS/SOAP-based AAA Agent, an IODEF-enabled Incident Handling System
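The package types from the design-issues slides above, as an added example that is not Fonkey project code: a Python model of Key, Named and Signature packages with the slides' unique-ID and location rules, owner-signature verification before a package is stored, and search by name with optional signers. The slides name neither a signature algorithm nor an ID encoding, so Ed25519 (from the `cryptography` package) and a SHA-256 hash of the identifying fields are assumed here; `FonkeyStore` and the function names are invented for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Optional

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


def raw_public_key(priv: Ed25519PrivateKey) -> bytes:
    # Raw 32-byte public key used as the Package "Key" field (assumed encoding).
    return priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)


@dataclass
class Package:
    """Generic structure from the slides: {Type, Public Key, Properties, Payload,
    Signature}. Named adds Name; Signature adds Subject and References."""
    type: str                       # "Key" | "Named" | "Signature"
    public_key: bytes               # owner's public key
    properties: dict = field(default_factory=dict)  # control/status name/value pairs
    payload: bytes = b""            # application-specific content
    name: Optional[str] = None      # Named packages only
    subject: Optional[str] = None   # Signature packages: ID of the signed package
    references: list = field(default_factory=list)  # signed parts of the subject
    signature: bytes = b""          # owner's signature over signed_body()

    def signed_body(self) -> bytes:
        # Canonical encoding of every field except the signature itself.
        body = {"type": self.type, "public_key": self.public_key.hex(),
                "properties": self.properties, "payload": self.payload.hex(),
                "name": self.name, "subject": self.subject,
                "references": self.references}
        return json.dumps(body, sort_keys=True).encode()

    def package_id(self) -> str:
        # Unique-ID rules from the slides; hashing the fields is an assumption.
        if self.type == "Key":
            material = self.public_key
        elif self.type == "Named":
            material = self.name.encode() + b"\0" + self.public_key
        elif self.type == "Signature":
            material = self.public_key + b"\0" + self.subject.encode()
        else:
            raise ValueError(f"unknown package type {self.type!r}")
        return hashlib.sha256(self.type.encode() + b"\0" + material).hexdigest()


def sign_package(pkg: Package, priv: Ed25519PrivateKey) -> Package:
    """Sign with the owner's private key; it must match the package's Key field."""
    if raw_public_key(priv) != pkg.public_key:
        raise ValueError("signing key does not match the package's public key")
    pkg.signature = priv.sign(pkg.signed_body())
    return pkg


def verify_package(pkg: Package) -> bool:
    """Integrity and owner identity: the signature must verify under pkg.public_key."""
    try:
        Ed25519PublicKey.from_public_bytes(pkg.public_key).verify(
            pkg.signature, pkg.signed_body())
        return True
    except (InvalidSignature, ValueError):
        return False


class FonkeyStore:
    """In-memory client storage with publish, locate and search (hypothetical)."""
    def __init__(self):
        self.packages = {}          # package ID -> Package

    def publish(self, pkg: Package) -> str:
        if not verify_package(pkg):
            raise ValueError("refusing unsigned or tampered package")
        if pkg.type == "Signature" and pkg.subject not in self.packages:
            raise ValueError("Signature package refers to an unknown subject")
        pid = pkg.package_id()
        self.packages[pid] = pkg    # republishing a key simply replaces it
        return pid

    def locate_signature(self, subject: str, public_key: bytes) -> Optional[Package]:
        """Signature packages are located by the (Subject, Public Key) pair."""
        probe = Package("Signature", public_key, subject=subject)
        return self.packages.get(probe.package_id())

    def signers_of(self, pid: str) -> set:
        return {p.public_key for p in self.packages.values()
                if p.type == "Signature" and p.subject == pid}

    def search(self, name: str, signers=()) -> list:
        """Name is required; every optional signer must have signed the hit."""
        return [p for pid, p in self.packages.items()
                if p.type == "Named" and p.name == name
                and set(signers) <= self.signers_of(pid)]
```

The store rejects a package whose signature does not verify under its own Key field, so a modified payload republished under someone else's name is refused before it can be located or searched.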
Target Application: Extended PGP Keyserver
- Reference: The OpenPGP HTTP Keyserver Protocol (HKP), http://www.ietf.org/internet-drafts/draft-shaw-openpgp-hkp-00.txt
- Specific requirements
  - PGP key request via HTTP GET
    - Operations: {get, index, vindex, x-?}
    - Search variable: {key ID, V4 Fingerprint, V3 Fingerprint}
    - Modifier: {options {mr, nm}, fingerprint, exact}
  - PGP key publish via HTTP POST
    - OpenPGP packet in ASCII-armored format (RFC 2440)
- Benefits/new functionality with Fonkey
  - Adding an application-oriented payload
  - Flexible search for key information
  - Building a P2P infrastructure
  - Integration with other types of PK infrastructure

Target Application: Privilege Storage (for PMI)
- Specific requirements
  - Publish and retrieve/search for a Subject's Attribute Certificate/Package
  - Administrative interface for generating role-based ACs (not necessarily X.509)
- Benefits
  - Flexibility of using XML Schema for the Subject's attributes, compared to LDAP
  - Possibility to integrate with PKC storage
- Issues to solve
  - Policy definition
  - Administrative interface
  - Using SAML for attribute assertions

Prospective Target Applications: Identity Server
- Prospective target application: Identity Server for federated identity management with the Liberty Alliance Project (LAP)
  - New set of LAP specifications published - http://www.projectliberty.org/
  - Uses SAML and Web Services technology
  - Trust management for dynamic identity federation
  - Circles of trust initiated and controlled by the user
- Promising area: needs further discussion

Other possible uses (not intended)
- Applications requiring XML Signature based functionality
  - Adding XML Signature to proprietary XML documents (e.g., IODEF)
  - Adding XML Signature to SOAP-based applications (e.g., AAA/Web Services)
  - Mostly limited to client functionality
- Location Server for IIDS (Interactive Intelligent Distributed Systems)