Policy-directed certificate retrieval

Any large scale security architecture that uses certificates to provide sec urity in a distributed system will need some automated support for moving c ertificates around in the network. We believe that for efficiency, this aut omated support should be tied closely to the consumer of the certificates: the policy verifier. As a proof of concept, we have built QCM, a prototype policy language and verifier that can direct a retrieval mechanism to obtai n certificates from the network. Like previous verifiers, QCM takes a polic y and certificates supplied by a requester and determines whether the polic y is satisfied. Unlike previous verifiers, QCM can take further action if t he policy is not satisfied: QCM can examine the policy to decide what certi ficates might help satisfy it and obtain them from remote servers on behalf of the requester. This takes place automatically, without intervention by the requester; there is no additional burden placed on the requester or the policy writer for the retrieval service we provide. We present examples th at show how our technique greatly simplifies certificate-based secure appli cations ranging from key distribution to ratings systems, and that QCM poli cies are simple to write. We describe our implementation, and illustrate th e operation of the prototype, Copyright (C) 2000 John Wiley gr Sons, Ltd.