A new edition of the X.509 ITU standard for implementing Public Key Infrastructures (PKI) in e-commerce applications will accelerate global e-commerce through enhancing authentication and authorisation specifications, says the International Telecommunication Union (ITU).
Study Group 7 of the ITU Telecommunication Standardization Sector has approved a new edition of Recommendation X.509, which is a broadly accepted standard suitable for many environments.
The IT industry views X.509 as the definitive reference for designing applications-related PKI. The elements defined within X.509 are widely utilised, from securing the connection between a browser and a server on the Web to providing digital signatures that enable electronic transactions to be conducted with the same confidence as in a traditional paper-based system.
"The ITU is pleased that study has begun towards enriching Recommendation X.509 to better support the use of public key and attribute certificate frameworks in both resource constrained environments, such as wireless communications, and B2B [business-to-business] environments including Web-based e-commerce as well as B2B services and protocols," says Houlin Zhao, director of ITU`s Telecommunication Standardization Bureau.
This new edition, developed in close co-operation with ISO/IEC and the ISOC/IETF, replaces the 1997 edition. It contains specific enhancements to public key certificates to support the correct processing of certification paths that involve multiple certification authorities within multiple enterprises, as well as enhancements in certificate revocation.
It also contains a significant enhancement to attribute certificates and definition of the framework for Privilege Management Infrastructure. Attribute certificates will play a major role in globally addressing the complex security issues of access control and authorisation.
They are a standardised mechanism for defining user access privileges in a multi-vendor and multi-application environment. These issues are only now coming to the attention of many IT planners, as organisations move their mission-critical business relationships to the Web.
Share
