X.509 Proxy Certificates for Client Authentication

The focus of this project is in exploring details of how Restricted X.509 Proxy Certificates can be used as a means of identification and authorisation in a range of application contexts distinct from the grid computing community in which they were developed. More specifically, we are interested in applications where a server issues proxy certificates to user clients to grant them (possibly restricted) access to the service. They thus function as a capability. This is the opposite sense to how they are used in the grid computing community, where a client users issues the proxy certificate to the grid in order to grant to it some of the user's privileges. We are currently exploring several specific application contexts: including their use to authorize the connection of first-responders mobile devices to a restricted ad-hoc network created to handle some emergency; as a mechanism that would allow an anonymous user to make contributions to a project (such as entries into a wiki), whilst still allowing the service to track their contributions as distinct from those of others; and to authorise client use of a home area network (HAN) granting different rights to different categories of devices.

This project was started when Dr Lawrie Brown was on sabbatical visiting the Dept of Telematics at NTNU (Norwegian University of Science and Technology) in Trondheim, Norway, as a NordSecMob scholar with support from the European Commission under the Erasmus Mundus program during S1 2010.


Dr Lawrie Brown / 15 Feb 2011