Hi, The two versions of the attribute certificate API are more or less the same, version 0.2 has some bug fixes but I didnt check it in Linux (I do not have spare time :). It also has an early version of an issuing tool which issues certificates by registering callbacks. Callbacks are used to provide the different certificate fields as subject, role, extensions, privileges... and to sign the certificate, since the private key might be inside a token or the role or privileges can be provided by external engines (SoA - AA).
I was working on a verifier but I need to find it, I will check the CVS of the department. My idea was to verify certificates by constructing the entire chain of attribute certificates taking into account possible delegations. The problem is that delegation makes the verifier extremely complex since it might be necessary to verify multiple chains, one for every delegation path with an associated identity certificate chain. I will try to find it but it is work-in-progress. It will be better to develop a verifier without considering delegation and let refinements (support for delegation) for later. What do you think about it? I can help you moving my implementation to OpenSSL, validating it in Windows and Windows Mobile and also developing a simple verifier. Regards, Dani Richard Levitte <[EMAIL PROTECTED]> dijo:
Hey Daniel, I'm going to start working on having ACs in OpenSSL this week (starting tomorrow), and just downloaded v0.1 and v0.2. Any chance you have a verifier for me to look at? Cheers, Richard In message <[EMAIL PROTECTED]> on Fri, 8 Jun 2007 15:49:43 +0200, "Daniel Diaz Sanchez" <[EMAIL PROTECTED]> said: dds> Hello, dds> dds> I have compiled the Attribute Certificate API on Linux and it is working dds> with OpenSSL 0.9.8a (I didn't check other versions) dds> dds> dds> The source can be downloaded at dds> http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml dds> dds> There are 3 versions: dds> dds> Version 0.1 (Windows only) dds> Version 0.1 (Linux/Windows) some minor changes to the Windows version (types dds> and casts). It should work in windows also. dds> Version 0.2 (Windows) Includes some bugfixes and new functions to assist the dds> issuing process. Those new functions can be personalized using callbacks. dds> New functions are not yet covered by documentation. dds> dds> dds> I will try to move version 0.2 to Linux and also to finish the verifier for dds> version 0.3 (if I have some spare time) dds> dds> Regards, dds> dds> Daniel dds> dds> dds> dds> -- dds> Daniel Diaz Sanchez dds> Telecommunication Engineer dds> Researcher / Teaching Assistant dds> dds> Dep. Ing. Telemática dds> Universidad Carlos III de Madrid dds> Av. Universidad, 30 dds> 28911 Leganés (Madrid/Spain) dds> Tel: (+34) 91-624-6233, Fax: -8749 dds> dds> Web: www.it.uc3m.es/dds dds> web: http://www.it.uc3m.es/pervasive dds> A toolkit for attribute certificates: dds> http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml dds> dds> Mail: dds[at].it.uc3m.es dds> Skype: dds.it.uc3m.es dds> dds> dds> dds> ______________________________________________________________________ dds> OpenSSL Project http://www.openssl.org dds> User Support Mailing List [EMAIL PROTECTED] dds> Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
-- ---- DANIEL DIAZ SANCHEZ WebCartero Universidad Carlos III de Madrid ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
