- ...
- footnote
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...HREF="footnode.html#">
![[*]](icons/foot_motif.gif)
- b1416Towards Web Security Using Plasma
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...Plasma
- The
Script is stored together with the other media specific data objects
into a Container by Plasma -- with the Container being a
collection object maintaining its subobjects as a list.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...creation
- The services non-repudiation and
digital signature creation do not differ from a purely technical
viewpoint; however, in the latter case the user must be given an opportunity
to actively confirm that he wants to sign the given document.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...operation
- A cryptographic
algorithm is referred to herein as a protocol since for example in the case of
the DES algorithm the protocol for reverting the encryption on behalf of the
recipient is well defined.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...exchanged
- For the necessary
background of cryptographic material refer for example to
[15].
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...service
- The ``protocol''
None is for document parts which should not be treated
cryptographically.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...Plasma
- Through
the object oriented design of the security platform Plasma, as described in
[7], it is easily possible to integrate further generic
security services into the platform.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...certificates
- The certificate structures used in
SecuDe comply with the X.509 authentication framework [15]
which requires the existence of certification authorities for the
certification of the asymmetric public keys.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...request
- The Mosaic browser family offers a feature to access
programs such as security platforms directly from the web client. To achieve
this goal, the CCI was defined for the client side and on the server side the
CGI specification was established.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...Plasma
- Plasma on both sides is
capable of securing several simultaneous communications, so a web server is
able to serve several clients simultaneously and similarly a client is capable
of starting several simultaneous requests to different servers using secure
connections.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...DName
- DName s are unique
identifiers of the participating parties which are defined in the X.500
standards suite (cf. [15]).
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...side
- This requires the
application on the client side to detect the condition that the API function
putDocument() for cryptographic operations in ``to'' direction must
be called, therefore the request type ContRequest , which is also a
Plasma packet, was introduced.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...Plasma
- This requires the
application on the client side to detect the condition that the API function
for conncection shutdown must be called, therefore the request type
FinlRequest was introduced, also a Plasma packet.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
