Organization for the Advancement of Structured
OASIS is a not-for-profit, global consortium that drives the
development, convergence and adoption of e-business
produces worldwide standards for security, Web services, XML
conformance, business transactions, electronic publishing,
maps and interoperability within and between marketplaces.
Oxford e-Science Centre
Project partner in the
to OeSC's role in this project).
One of the regional e-Science centres, based
and technically) within
OUCS and comprising
projects and expertise from across the University. There are
many Oxford e-Science projects (see
Online Certificate Status Protocol
A simple request/reply protocol that allows clients to ask an
"OCSP responder" about the revocation status of one
or more certificates. The OCSP responder returns digitally
signed responses regarding the status of the certificates
identified in the request. (Other protocols are being
worked on and OCSP may soon be overtaken.)
Out Of Band
Parties communicating by a different method from the current
method of communication. Examples may include using a
different port during a security exchange, or by picking up
the telephone or sending hard-copy to communicate something.
Oxford University Computing Services
OUCS operates, develops and supports Oxford University's
computing infrastructure and services including facilities
as the network backbone and its external connections; central
email, web, news, and backup servers; and other core
wide support services including security and anti-virus
It is also one of the primary partners of the
DCOCE project and most
the project team are based within OUCS.
to OUCS' role in this project).
Privacy Enhanced Mail
PEM is an Internet Engineering Task Force (IETF) standard for
secure e-mail. The PEM format is often used for encoding
certificates and keys in ASCII. Pretty Good Privacy (PGP) is a competing protocol.
PrivilEge and Role
PERMIS is all about PMI
(Privilege Management Infrastructure)
and uses X.509
certificates for attribute
Pretty Good Privacy
Working system for the cryptographic protection of
and files. Invented by Phil Zimmermann. For several years
Zimmermann was at odds with (and in litigation with) the US
authorities, due to the use of cryptography being considered
military technology. However, PGP is now widely used across
An "optional feature that may be used by a CA to indicate
that the certificate relates to the same individual even if
the name of that individual has changed".
It is a new form of name for human certificate holders that
may be included in the subjectAltName extension.
Public Key Certificate
"A data structure containing the
public key of an end-entity and some other information,
which is digitally signed with the private key of the CA
which issued it."
Public Key Cryptography Standard #10
PKCS#10 defines a syntax for requests for public key certificates. A certification
request contains a Distinguished Name (DN) and a public key, and optionally a
set of other attributes, signed by the entity requesting the certificate.
The request is sent to a CA, which creates
an X.509 public key certificate (or some other form) using the information from
the PKCS#10 request and returns it (possibly in PKCS#7 format).
In the DCOCE project, Microsoft Internet Explorer certificate requests will be
in the PKCS#10 format. Netscape and Mozilla based requests will be in SPKAC format.
Public Key Cryptography Standard #12
PKCS#12 is a standard format for the exchange of private data.
It simplifies the process to transfer certificates and related
keys from one machine to another in a secure manner.
that allow you to export certificates and keys to files will
the PKCS#12 format. Unfortunately, PKCS#12 containers are
protected by encryption with a user supplied password and
this can be
very weak. Even worse: many applications currently allow the
enter an empty password. Another related issue is that there
defined mechanism to destroy these files after they have
and are no longer required.
Public Key Infrastructure
"The set of hardware, software,
people, policies and procedures needed to create, manage,
store, distribute, and revoke
based on public-key cryptography".
an Open Source implementation.
PKIs are currently
but there is no single agreed-upon standard that ensures
interoperability. The IETF
PKIX working group profiles ITU
PKI standards as well as
developing new standards for the use
of X.509 based PKIs in the Internet.
"A collection of Attribute
Certificates (ACs), with
their issuing Attribute
subjects, relying parties, and
repositories, is referred to as a Privilege Management
Pseudonymity describes the concept of using pseudonymous transactions as opposed to the use of 'identified' or 'anonymous' transactions.
A transaction is pseudonymous in relation to a particular party if the transaction data contains no direct identifier for that party, and can only be
related to them in the event that a very specific piece of additional data is associated with it. The data may, however, be indirectly associated with the
person, if particular procedures are followed (from Roger Clarke's discussion of these issues). See
this for an interesting analysis of these concepts.