Secure Credential Repositories

Digital credentials play a pivotal role in the electronic realm. They are a useful component for establishing secure communication links, such as TLS, and allow users to prove their identity to online authentication mechanisms. In addition to establishing the identity of the possessor, digital credentials can also assert attributes of their owners. Credentials of this kind are particularly valuable to protocols that establish trust between strangers in open systems, such as trust negotiation. Put simply, these credentials enable users to perform secure interactions with their PKI peers.

Protocols that make use of digital credentials provide safeguards that protect the credentials during the life of the transaction. These protocols do not, however, concern themselves with the protection of these credentials outside the context of the transaction. This responsibility is usually delegated to a secure repository. Many different types of repositories have been created to protect this sensitive information.

Securely Available Credentials

Securely Available Credentials (SACRED) is an IETF proposed standard for online credential storage and retrieval. It is specified in three RFCs (3157, 3760, 3767). SACRED uses a client/server architecture and defines the messages, protocols, and behaviors that the client and credential server must follow to communicate with each other.

A reference implementation for both clients and servers has been created through a collaborative effort with the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign. For more information concerning this implementation and collaboration visit the project website at http://sourceforge.net/projects/sacred/.

Thor

Mobile environments create significant challenges for secure credential repositories. We examined these challenges with respect to existing repository practices and produced a set of requirements that a repository must meet in order to cope with the harshness of a mobile environment. We also designed and implemented Thor (The hybrid online repository), a system that fulfills these requirements. Thor leverages preexisting local and remote repositories and enhances their usability and security through virtual organization, credential identifier obfuscation, and password management.

T. W. van der Horst and K. E. Seamons. Short Paper: Thor -- The Hybrid Online Repository. First IEEE International Conference on Security and Privacy for Emerging Areas in Communications Networks, Athens, Greece, September 2005.

Master's Thesis: Thor: The Hybrid Online Repository. February 2005.

Download the software here.