Digital Certificate Operation in a Complex Environment
4. Glossary O - P

OASIS Organization for the Advancement of Structured Information Standards OASIS is a not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces.
OeSC Oxford e-Science Centre Project partner in the DCOCE project. (See some background to OeSC's role in this project).
One of the regional e-Science centres, based (administratively and technically) within OUCS and comprising projects and expertise from across the University. There are many Oxford e-Science projects (see ).
OCSP Online Certificate Status Protocol A simple request/reply protocol that allows clients to ask an "OCSP responder" about the revocation status of one or more certificates. The OCSP responder returns digitally signed responses regarding the status of the certificates identified in the request. (Other protocols are being worked on and OCSP may soon be overtaken.)
OOB Out Of Band Parties communicating by a different method from the current method of communication. Examples may include using a different port during a security exchange, or by picking up the telephone or sending hard-copy to communicate something.
OUCS Oxford University Computing Services OUCS operates, develops and supports Oxford University's primary computing infrastructure and services including facilities such as the network backbone and its external connections; central email, web, news, and backup servers; and other core university-wide support services including security and anti-virus support. It is also one of the primary partners of the DCOCE project and most of the project team are based within OUCS. (See some background to OUCS' role in this project).
PEM Privacy Enhanced Mail PEM is an Internet Engineering Task Force (IETF) standard for secure e-mail. The PEM format is often used for encoding certificates and keys in ASCII. Pretty Good Privacy (PGP) is a competing protocol.
PERMIS PrivilEge and Role Management Infrastructure Standards Validation PERMIS is all about PMI (Privilege Management Infrastructure) and uses X.509 certificates for attribute (authorisation) purposes.
PGP Pretty Good Privacy Working system for the cryptographic protection of electronic mail and files. Invented by Phil Zimmermann. For several years Zimmermann was at odds with (and in litigation with) the US authorities, due to the use of cryptography being considered to be military technology. However, PGP is now widely used across the world.
PI Permanent Identifier An "optional feature that may be used by a CA to indicate that the certificate relates to the same individual even if the name of that individual has changed". It is a new form of name for human certificate holders that may be included in the subjectAltName extension.
PKC Public Key Certificate IETF definition: "A data structure containing the public key of an end-entity and some other information, which is digitally signed with the private key of the CA which issued it."
PKCS#10 Public Key Cryptography Standard #10 PKCS#10 defines a syntax for requests for public key certificates. A certification request contains a Distinguished Name (DN) and a public key, and optionally a set of other attributes, signed by the entity requesting the certificate. The request is sent to a CA, which creates an X.509 public key certificate (or some other form) using the information from the PKCS#10 and returns it (possibly in PKCS#7 format).
In the DCOCE project, Microsoft Internet Explorer certificate requests will be in the PKCS#10 format. Netscape and Mozilla based requests will be in SPKAC format.
PKCS#12 Public Key Cryptography Standard #12 PKCS#12 is a standard format for the exchange of private data. It simplifies the process of transferring certificates and related private keys from one machine to another in a secure manner. Applications that allow you to export certificates and keys to files will often use the PKCS#12 format. Unfortunately, PKCS#12 containers are only protected by encryption with a user-supplied password and this can be very weak. Even worse: many applications currently allow the user to enter an empty password. Another related issue is that there is no defined mechanism to destroy these files after they have been used and are no longer required.
PKI Public Key Infrastructure IETF definition: "The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke PKCs based on public-key cryptography". OpenSSL provides an Open Source implementation.
PKIX PKIs are currently evolving, but there is no single agreed-upon standard that ensures interoperability. The IETF PKIX working group profiles ITU PKI standards as well as developing new standards for the use of X.509 based PKIs in the Internet.
PMI Privilege Management Infrastructure IETF definition: "A collection of Attribute Certificates (ACs), with their issuing Attribute Authority's (AA's), subjects, relying parties, and repositories, is referred to as a Privilege Management Infrastructure".
Pseudonymity Pseudonymity describes the concept of using pseudonymous transactions as opposed to the use of 'identified' or 'anonymous' transactions. A transaction is pseudonymous in relation to a particular party if the transaction data contains no direct identifier for that party, and can only be related to them in the event that a very specific piece of additional data is associated with it. The data may, however, be indirectly associated with the person, if particular procedures are followed (from Roger Clarke's discussion of these issues). See this for an interesting analysis of these concepts.

