Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 8. Key Management Framework (KMF) > KMF Policy-Enforcement Mechanism

8.2. KMF Policy-Enforcement Mechanism

Popular key-management systems currently lack interfaces or utilities for configuring the policies that govern the use of keys and certificates on the system. X.509v3 certificates are designed to be extensible and potentially contain a great deal of metadata that can be used to dictate how those certificates can be used by PKI-enabled applications. Additionally, the validation algorithms for X.509 certificates as defined in the PKIX specification (RFC 3280) have a set of input parameters that control various decisions in the validation process.

KMF introduces a system-wide PKI policy database. Applications must use the KMF library in order to take advantage of the policy enforcement system. Administrators define policies that the KMF library uses when performing operations that involve certificates.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint