Digital Certificate Operation in a Complex Environment
homebackgroundprojectdocumentsdesignglossary
navigation search
search query:

5. Glossary R - S

RA Registration Authority IETF definition: "An optional entity given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as: confirming the subject's identity; validating that the subject is entitled to have the values requested in a PKC [Public Key Certificate]; and verifying that the subject has possession of the private key associated with the public key requested for a PKC".
RC2,RC4,RC5 Ron's Cipher Symmetric key algorithms develeoped by Ronald Rivest of RSA Data Security. Tried to keep algorithms secret, but they eventually leaked out.
Relying party IETF definition: "A user or agent (e.g., a client or server) who relies on the data in a certificate in making decisions.".
Revocation Causing a certificate to be invalid. Revocation means that the certificate may have been valid, but is valid no longer and positive authentication should not go ahead. Revocation occurs, for example, when a user has compromised his/her certificate and needs a new one or when they are no longer eligible to hold a certificate. See also CDP, CRL, OCSP, PKI.
Rinjdael (AES) Advanced Encryption Standard Symmetric key algorithm. Fast and compact. Can use keys of 128, 192 or 256 bits in length.
Root CA Root Certification Authority IETF definition:"A Certification Authority (CA) that is directly trusted by an end-entity (EE); that is, securely acquiring the value of a Root CA public key requires some out-of-band step(s). This term is not meant to imply that a Root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly. Note that the term 'trust anchor' is commonly used with the same meaning as 'root CA' ".
RSA Rivest, Shamir and Adelman Public Key Cryptography system. Widely used. Can be used for encrypting information and as the basis for digital signatures. See also asymmetric encryption.
Also RSA can be used to mean 'RSA Security Incorporated' - a commercial company
http://www.rsasecurity.com/
SAML Security Assertion Markup Language SAML is a dialect of eXtensible Markup Language (XML). Its main purpose is to provide a method so that a user can log on once for (associated but separate) Web sites and possibly other 'services'.
SAML is part of the underpinning ideas of Shibboleth and now part of the OASIS standards.
SECURe Secure Environment for Certificated Use of Resources Project within the ANGEL initiative that is part of the AAA programme. Using Shibboleth.
http://www.angel.ac.uk/secure/
SERS Systems and Electronic Resources Service at Oxford University Library Services Main project partner to the DCOCE project at the University of Oxford. (See some background to SERS' role in this project).
http://www.sers.ox.ac.uk/
SHA-1 Secure Hash Algorithm 1 Secure Hash Algorithm was developed and published by the NIST in 1994. The algorithm creates a 160 bit message digest from a up to 2^64 bit long message.
Shibboleth An open source implementation to support inter-institutional sharing of web resources subject to access controls. Also developing a policy framework that will allowinter-operation within the higher education community (with 'federated' administration).
http://shibboleth.internet2.edu/
Short lived certificates Alternative to having to worry about revocation mechanisms that can be a problem for defending against denial ofservice attacks (see SAML, CRL and CDP). It may be more efficient (and safer) to get a new certificate before each major transaction (as opposed to the recipient of the certificate verifying it with the CA each time).
SPKAC Signed Public Key And Challenge SPKAC (very similar to PKCS#10) defines a syntax for requests for public key certificates. A certification request contains a Distinguished Name (DN) and a public key, signed by the entity requestingthe certificate. The request is sent to a CA who creates a X.509 public key certificate (or some other form) using the information from the SPKAC and returns it.
In the DCOCE project Microsoft Internet Explorer certificate requests will be in the PKCS#10 format. Netscape and Mozilla based requests will be in SPKAC format.
SSH Secure Shell Virtual terminal program (like Telnet). SSH can be used with public key cryptography for authentication as an alternative to passwords.
SSL Secure Sockets Layer Layer that exists between the raw TCP/IP protocol and the application layer. Uses cryptography to authenticate the server, client and keep the data passing between them secret from anything 'listening in'. Now embedded in most browsers.
Subordinate CA Subordinate Certification Authority IETF definition: "A 'subordinate CA' is one that is not a Root CA for the end-entity (EE) in question. Often, a subordinate CA will not be a Root CA for any entity but this is not mandatory".
Subject Within the context of PKI, the term 'subject' is used to refer to the entity named in the subject field of a certificate. X.509 uses distinguished names (DN) to identify subjects. A subject field in a X.509 certificate might look like this:
C=UK, O=eScience, OU=Authority, CN=CA
IETF definition: "A subject is the entity (AA, CA, or EE) named in a certificate, either a PKC or AC. Subjects can be human users, computers (as represented by Domain Name Service (DNS) names or Internet Protocol (IP) addresses), or even software agents".
http://www.ietf.org/internet-drafts/draft-ietf-pkix-roadmap-09.txt
Symmetric encryption See also encryption. Symmetric encryption involves encrypting and de-crypting information using the same key. It is less processor-intense than asymmetric encryption but requires a key exchange at some stage. Keys have to remain secret anda different key may be required for every entity that communicates with you. Therefore, secure encryption using symmetric keys alone does not scale well. Symmetric keysare often exchanged under cover of asymmetric encryption. See also asymmetric encryption.

Up: Contents Previous: 4. Glossary O - P Next: 6. Glossary T - Z

Oxford University Computing Services Mimas Athens access management services Oxfore e-Science Centre Systems and Electronic Resources Service Joint Information Systems Committee