Generic Support for PKIX Certificate Management in CDSA

The Common Data Security Architecture (CDSA) from the Open Group is a flexible standard that defines APIs for security services needed for implementing Public Key Infrastructure (PKI). The emerging IETF Public Key Infrastructure (PKIX) standards provide certificate management protocols geared toward the Internet. The PKIX specifications define the expected behavior of the PKI, but do not provide abstractions that can be used by exploiting applications. In this paper we show the feasibility and design methodology of extending CDSA abstractions to support PKIX certificate management. To achieve this, we model a general, end-to-end system architecture based on CDSA that exploits PKIX certificate management model, and discuss the merits of this system from the application and system architecture perspectives. We conclude the paper with a discussion of the resulted generic CDSA version 2.0 API that support PKIX certificate management model.