Calculating Trust Level Of X.509 Certificates - Infonomics Society

1y ago
31 Views
2 Downloads
1.49 MB
10 Pages
Last View : 24d ago
Last Download : 6m ago
Upload by : Arnav Humphrey
Transcription

Journal of Internet Technology and Secured Transactions (JITST), Volume 5, Issue 2, June 2016Calculating Trust Level of X.509 CertificatesZakia El uahhabi, Hanan El bakkaliInformation Security Research TeamENSIAS - Mohammed V UniversityRabat, MoroccoAbstractThe X.509 certificate is widely used by theorganizations and people in order to confirm theiridentities in online transaction. It is created, signed,and issued by certificate authority (CA) following theprocedures which are defined in a certificate policy.However, the deficiency in these procedures maycreate a trust lack in the certificate. Also, due to theCA failures or compromises, the risk of trusting amalicious certificate increase. Then, relying party(RP) should verify certificate trustworthiness inorder to accept it or not. In reality, it is difficult forRP who hasn’t the technical competences to judge it.In this context, he needs an automated mechanismfor evaluating a certificate trust level. In this paper,we provide him this mechanism. In fact, we suggest anew architecture for calculating a certificate trust. Aproposed algorithm is used by this architecture andtakes as input three parameters that are the rating ofcertification fields content, the certificate policyquality, and the calculated CA trust level.1. IntroductionPublic Key Infrastructure (PKI) is an effectivetechnology used for management and distribution ofpublic keys and certificates in order to ensure thesecurity of electronic communication and transactionin open environment. The trust propagation in thisinfrastructure depends on its syntactic trust structurewhich is known as a trust model [4]. PKI trust modelpermits to extend and manage trust relationshipsbetween different parties along a set of certificatesproviding a trust chain.In X.509 PKI, certificate authority (CA) issues acertificate, which presents a proof for confirming itsholder identity, by using its own rules that are definedin certificate policy (CP) and certification practicestatement (CPS). In open network, a CA can beattacked and used to issue fraudulent certificates andfalse signature. So, trust level of these certificatescomes into a question. Moreover, RP should verifycertificate trustworthiness in order to accept it or not.He needs to verify its signature, certification pathfrom the certificate to a root certificate, so on, Also,he needs to read a CP/CPS that the CA follows duringthe certificate life cycle. Practically, it is difficult forthem to evaluate the CP/CPS which is technical andlong. Consequently, RP needs an automatedCopyright 2016, Infonomics Societymechanism for making a trust decision about areceived certificate. In this paper, we suggest thismechanism used for determining a certificate trustlevel.The objective of our paper is to define a trustframework that will automatically calculate a trustlevel associated with certificate (TLoCERT). Forinstance, when RP receives a certificate issued by aspecific CA, he needs to check its trustworthiness. Inorder to make a decision about whether to accept ornot a received certificate, he requests from oursystem its TLoCERT.We have contributed in suggesting an algorithmused by our proposed framework for computing acertificate trust level. This algorithm takes as inputthree parameters which are the certificate policyquality (CPQ) which evaluate the quality of theprocedures announced in the published CP, thecomputed CA trust level (TLoCA), and the rating ofcertificate fields content that define the initialassessment of certificate correctness. We will talk indetails about its calculation method in Section V.The rest of this paper is structured as follows. Webriefly recall the notions and concepts of trust andreputation in the Section II. Section III presents somerelated work. Afterward, in Section IV, we describeour suggested trust framework architecture. Section Vpresent our proposed trust level calculation algorithm.Then, we define in Section VI a scenario thatillustrates how RP makes a decision about acertificate trustworthiness using our solution. The lastsection presents a conclusion and some of futureworks.2. Trust and Reputation ConceptsReputation plays a crucial role in the process oftrust building. It is important to note that the conceptof reputation is closely related to that of trust, but it isclear that they are different. Reputation can beconsidered as a collective measure of trustworthinessbased on the referrals or ratings from other membersin a community [2]. It is assessed by using areputation system which aggregates these ratings.Moreover, a reputation value may be one importantparameter that can be used to evaluate trust. In thispaper, we measure a CA’s trustworthiness whichplays the trustee role. Our approach is also based onthe measurement of CAs reputation.464

Journal of Internet Technology and Secured Transactions (JITST), Volume 5, Issue 2, June 2016Trust and trustworthiness are generally confused,they are distinct concepts. Trustworthiness is aproperty or characteristic of an individual while trustis an attribute of an established relationship betweenexchange partners [3, 1]. Both concepts help the userto make decisions and complement each other. Ingeneral, the most researchers define the trust conceptin a particular context. In this paper, we present somedefinitions which can be applicable to e-servicesenvironment.In [6], the authors define trust as the subjectiveexpectation an agent has about another’s futurebehavior based on the history of their encounters.Moreover, the definition of trust is related to partywillingness to be vulnerable to the actions ofanother party based on the expectation that theother will perform a particular action important tothe trustor, irrespective of the ability to monitor orcontrol that other party [7].Josang et al.[8] define trust as the extent towhich a given party is willing to depend onsomething or somebody in a given situation with afeeling of relative security. In our approach, RPsmake a decision about the certificate trustworthinessbased on its trust level. Thus, our approach is basedon this definition.Clearly, the trustee reputation may influencedecisions made by a trustor [4]. The reputationconcept is closely related to that of trustworthinessand trust, but it is evident that they are distinct.According to Josang et al. [2], reputation is what isgenerally said or believed about a person’s or thing’scharacter or standing. It is based on the reviews orrating from member in a community and can beconsidered as a collective measure of trustworthiness[2]. The difference between trust and reputation canbe illustrated by the following statements [8]:1. “I trust you because of your good reputation.”2. “I trust you despite your bad reputation.”Statement 1 reflects that a relying party bases histrust on the reputation trustee. Statement 2 reflectsthat the RP has some private knowledge about thetrustee which is based on various factors.In this paper, we focus on determining the CAtrust level which defines its trustworthiness based onthe various factors such as a CA reputation. Thecalculated level is one of the parameters used formeasuring the certificate trust level.3. Related workMany approaches are suggested for evaluatingtrust in PKI. In this regard, some approaches arediscussed below. The authors in [9] propose a trustmodel for assessing trust in PKI. They introduce atrust calculus in order to propagate and derive trustamong different entities in a certification chain. Theproposed approach of [10,11] defines a mechanismfor evaluating a CA trustworthiness by using adistributed reputation system. This system aggregatesthe given user trust view, which presents theCopyright 2016, Infonomics Societycollected information about the CAs while browsingwebsites, in order to compute an issuer trustrecommendation value. The calculated value isdistributed to users for making decision aboutcertificate trustworthiness. However, the suggestedapproach necessities a long time until a user haveknown all required CAs on the basis of their browserhistory.In [12], the authors suggest a framework used forassessing a certificate risk level on the basis of certaintrust characteristics and criteria. The proposedframework permits user to make decision whetheraccept or not a certificate for a particular transactionby evaluating its risk level. It includes three modulesinvolved in a risk level calculation. The first modulecollects and stores an untrusted and trusted x.509certificate, while the second module collectsattribute/criteria which are taken into consideration incalculation process. The last module classifies a risklevel in three values as low risk, medium risk, andhigh risk.The authors of [13] propose a technique formeasuring the CA trust level by evaluating thecertificate issued by this authority. In their suggestedmodel, a certificate authority trust service assess thecollected certificates, which have been sent by users,according to the rules based on different factors suchas certificate validity. However, the authors do notintroduce a mechanism for checking if the collectedcertificates, which are submitted by clients, aremalicious or not. Lucas et all presents in [14] animplementation of trust quantification and calculationin the X.509 PKI model. They introduce threecategory of trust in the X.509 PKI: PKI trust, policytrust, and authentication trust. Each category of trustis evaluated by a calculated trust value. This value isrepresented by using an ASN.1 structure andincluded in X.509 model in order to allow user tocheck the certificate trust level. In case of PKI trust,the authors consider that an end user defines a trustvalue according to his relationship with the trustanchor, but that makes his task more complex whenhe encounters unknown CA.In our point of view, there are others factors thatinfluence certificate trustworthiness as CA securityrisk that is defined in [4], CA reputation, CP quality,and certificate extension fields’ content.To the best of our knowledge, there is no proposedwork that integrates all these factors for evaluatingcertificate trustworthiness. Then, we propose a newapproach that integrates these factors in theassessment process of certificate trustworthiness. Wewill show more details about our work in nextsection.465

Journal of Internet Technology and Secured Transactions (JITST), Volume 5, Issue 2, June 20164. Our suggested frameworkOur proposed approach suggests several steps forcomputing the TLoCERT. Figure 1 shows oursuggested trust framework architecture. It comprisesdifferent components required in the TLoCERTcomputation. They are explained below. Security Module: It contains the followingcomponents: CA-SL Evaluator and SL DB. Theevaluator retrieves from the SL DB some informationsuch as EAL of CA software and its implementedsecurity standard, in order to use it for assessing aFigure 1. Suggested trust framework architecture. Server: It includes six components: the CPQmodule, security module, reputation module, decodermodule, translator module, and trust module. Translator module: On the reception of the CPQcalculator request regarding a CP in xml format, theCP translator searches in CPs repository forextracting the requested CP and translates it intoXML format. The translation process is madeaccording to the rules which will be defined anddiscussed in a future paper. After generation of the CPXML, CP translator sends it to CPQ calculator in order touse it in CPQ calculation.Copyright 2016, Infonomics SocietyCA SL value. This value is then passed to the trustmodule for computing a CA trust level. CPQ Module: It contains two components: CPQdatabase (CPQ DB) and CPQ calculator. The secondcomputes a CPQ value in applying an algorithm usedto fetch information from the XML CP. Thecalculated value is passed to the trust module andstored in CPQ database Trust Module: Its role is to calculate a receivedcertificate TLoCERT value which is requested by aRP. This module contains the trust calculator. It use aparser to analyze a provided X.509 certificate in466

Journal of Internet Technology and Secured Transactions (JITST), Volume 5, Issue 2, June 2016XML format and to extract from it the dataelements that are needed for calculating theTLoCERT. This component calculates and evaluatesthis level based on the calculated TLoCA, the CPQreceived from the CPQ module, and the score valueof extensions fields content. It is important to notethat a TLoCA is computed by the trust calculator onthe basis of two parameters: RepScore provided bythe reputation module, and the SL value sent by theSL evaluator. Reputation module: When CHs leave their ratingsvia a CH interface, these rating are stored infeedback database (DB), and then retrieved by thereputation calculator for calculating/updating the CARepScore. The used ratings are archived in feedbackarchiver in order to free the feedback DBspace.Before calculating a RepScore value, areputation calculator checks if a number of thereceived ratings achieves a 10% of the computedthreshold which will be defined in next section.Finally, the computed RepScore is sent to the trustmodule for computing a TLoCERT and is stored inReputation DB. Decoder module: It contains an ASN decoder. Notethat an X.509v3 certificate structure is presented ingeneral according to the ASN.1 format. This decoderallows the converting of the received X.509v3certificate from RP into XML format. The generatedXML certificate is sent to the trust module.The CHs can access our suggested frameworkthrough a link which is embedded into e-servicesapplications such as e-government, e-commerce.Then, they leave their appreciations about a CA thathas granted them a certificate. However, some CHsmay not give their feedback and think that it is notinterested. It is needed to provide them the incentivesand explain them that the importance of theirparticipation for making decision about a CAtrustworthiness in granting a validate certificate. Thatpermits to encourage them to use our framework andexplain their point of view on a specific CA.5. Evaluating trust in X.509 certificateDefining the factors that have an influence onmaking decision about certificate trustworthiness is amain task for computing its trust level. RP trusts acertificate for the correctness of its content based on theprocedures announced in the CP/CPS and the CAtrustworthiness. Moreover, a negative or positivereputation of CA can have an influence in decidingwhether a user will trust or not this authority. On theother hand, the malicious hackers can attack a CA andissues false certificates. Then, its security is animportant factor that has an influence on makingdecision about its trustworthiness. We describe in thefollowing subsections the TLoCert calculation methodin detailsCopyright 2016, Infonomics Society5.1. Calculating RoCERTAt the beginning, we evaluate certificatecorrectness by checking the contents of two fieldswhich are a key usage and validity using our system.We consider that if the validity period of thecertificate is not respected and/or the key usage fielddoes not correspond to the application usagerequirements, such certificate must be rejected and it isuntrustworthy. In this case, the trust assessment processwill be stopped. Then, we send a message to RP inorder to inform him that the requested certificate isuntrustworthy. The certificate correctness evaluationprocess is given in the flow diagram on Fig. 2. Weevaluate these certificate fields’ contents by using arating mechanism. We consider three ratings(RoCERT) 0, 0.5, 1 which are assigned to thecertificate and express its initial correctnessevaluation. As explained in Fig. 2, firstly, we verifythe key usage field. If its content corresponds to theapplication usage requirements, we check certificatevalidity field.Figure 2. An initiated evaluation of a certificatecorrectness.If it is valid, we verify its validity period. When thesystem found that its validity will be expired soon, theassigned rating is RoCERT 0.5. Otherwise, weassign to such certificate a rating RoCERT 1. In thiscase, the system continues with the evaluation processwhich will be discussed in next subsections. On the otherhand, if a certificate is invalid and/or its key usage doesnot match a required purpose of the application, thegiven rating is then RoCERT 0 and it will be rejected.5.2. Determining a CA trust levelWe calculate the TLoCA on basis of twoparameters RepScore and SL that are defined asfollow:467

Journal of Internet Technology and Secured Transactions (JITST), Volume 5, Issue 2, June 20165.2.1. Calculating the RepScore. We compute aRepScore on the basis of feedback ratings given byCHs using the exponentially weighted movingaverage (EWMA) method [16]. The reason behindusing this method is that it permits to weigh newobservations more and do not ignore old ones. In thisway, when updating a Repscore, the older value isreduced over time and not ignored. In general, theEWMA Control chart is control limits that permits todetermine whether a process is in statistical control[17]. In this context, this methodology is usuallyused to detect the malicious feedback rating [17].We calculate a CA RepScore by using thefollowing equation:RepScore α*rtg (1-α)OldRepScore(1)Where- RepScore is a computed reputation score- OldRepScore represents the old reputation score- 0 α 1 is a smoothing constant that presentsthe weight provided to the previous data. Its valuedepends to the personal experience and preference. Inour case, the lower value may have more influence onthe old reputation, while the higher value grants moreweight to new rating. Then, we must select anappropriate α for controlling the strictness of oursystem. We suggest that α takes a value between 0.6and 0.7.-rtg presents a new rating provided by a CH.The upper and lower control limits are defined asfollow:α–αα–α(2)(3)Where-L takes a value 3 (the 3-sigma control limits) or isselected by using the Saccucci and Lucas tables (ARL 370)- presents the estimated variance calculated from thereceived ratings (historical data).- indicates the historical data mean.Generally, a statistical anomaly is detected whenthe values fall outside the UCL or LCL. So, ifRepScore value is greater than UCL or less thanLCL, the last user rating is considered malicious.Then, this rating will not be taken into considerationin calculation process of RepScore and be ignored.Note that UCL and LCL values are varied dependingon the new received ratings. Furthermore, the providedratings explain the CHs appreciations for a specific CA.They are expressed as a percentage belonging to thethreshold [0,100], as shown in Table 1:Copyright 2016, Infonomics SocietyTable 1. Explanation of the provided ratingsRatingExplanation[0,20]Very fectThe algorithm1 shows the reputation scorecalculation. The function “repscore” gets as input theparameters values defined previously for computingthe RepScore. Besides, we apply the control chartmethodology in our algorithm for detecting themalicious ratings when the participated CHs numberis representative. This means that their number isequal or greater than a threshold value which isdetermined using a Statistical Sampling Technique(stratified sampling). This threshold value is definedby a sample size n which represents the total usersubpopulation certificed by a same authority. We notethat our population is reperesented by the users’ totalnumber that utilize e-services applications, into whichour platform link is embedded. We divide membersof this population into different subgroups(subpopulation) according to name of CA thatcertifies them. All members of each subgroup havebeen certified by a same CA. In addition, we calculatea sample size that represents each subpopulation byusing the following formula [18]:(4)Where-N presents a size of the user subpopulation and n isthe sample size,-e is the precision level (e 5%) which is defined asthe range in which the true value of the population isestimated to be [18].It is important to note that the total number of userpopulation T is equal to sum the number of userwithin each subgroup i T .Moreover, the calculated reputation score valuesbelong to the range [0,1]. Also, LCL and UCL valueswould be included in [0,1]. The bad reputation isrepresented by a score including in (0.2,0.4]. If theCA reputation is worst, its score is then comprised in[0,0.2]. The moderate reputation has a scoreincluding in (0.4,0.6]. Besides, the good reputationscore belongs to (0.6, 0.8] whereas perfect reputationscore is belonging to (0.8,1].5.2.2 Evaluating a SL. CA Security is a complexproperty that cannot be easily measured. CA systemis vulnerable for any attack kind. The attacker cangenerate signed false certificate revocation lists(CRLs). Then, it is needed to protect the CAssystems against security breaches468

Journal of Internet Technology and Secured Transactions (JITST), Volume 5, Issue 2, June 2016by implementing the highest security standards, andensuring their compliance with the securityrequirements by a regular audit.On the other hand, each CA uses software forgranting the certificates, generating public/private keypairs, and managing the CRLs. The software securityfeatures are assessed by establishing the evaluationassurance level (EAL) if it is certified by CommonCriteria Standard (CC). In this context, the EAL levelis an important factor for trusting a CA. The CCdefines seven levels: EAL1, EAL2, EAL3, EAL4,EAL5, EAL6, and EAL7. The highest assurancelevel is between [EAL5-EAL7]. The levels EAL1-2present low assurance. Thus, the levels included in [EAL3EAL4] are medium assurance. Hence, we evaluate aCA system security level on the basis of acombination between the CC level (EAL) providedfor software used by this CA and an implementedsecurity standards. We show how we precise SL values inthe following Table 2:Table 2. Explanation of the assigned security maturitylevel eak[EAL1-EAL2]ISO/IEC IEC 270011Strong[EAL5- EAL7]-1Strong[EAL5- EAL7]ISO/IEC 270011StrongThe SL values are 1,0.5, and 0 that correspond tostrong, medium, and weak respectively. For instance,we assign SL 0 to a CA that do not adopt anysecurity standard and the used software EAL is one ofthese levels EAL1, EAL1 or EAL2. Besides, a SLvalue is updated when an implemented securitystandard or EAL is changed.5.2.3 Determining TLoCA. TLoCA is quantitativeinformation which indicates the CA trustworthiness.Its value depends on RepScore and SL. We computeit using the weighted average method, as shown inthe following equation:(5)Where w1, w2: the assigned Weights andequals to 1. These weights specify the impact of thesefactors on the TLoCA.A new TLoCA is computed each time theaforementioned parameters are modifed. RepScore isupdated when a new received ratings number is equalor more than 10% of the threshold whichi iscalculated using an equation 4 or the RP requestabout a CA reputation. SL seems to be constant.However, it can be updated when the securitystandard and the EAL level change. Consequently,the weight adjustment is determined according toCopyright 2016, Infonomics SocietyAlgorithm 1. Reputation score calculationFunction repscore (idCA,α,rtg, oldrepscore,n)Input : idCA id of a CAα is a smoothing constantrtg a list of new ratings receivedoldrepscore the last reputation score of a CAn is a threshold valueOutput: newRepScore a calculated RepScore of a CADefine the following variables:k: rating number which is equal to 10% of the threshold nm:size of rtgucl :the upper control limitlcl : the lower control limitk 0.1*nIf (m k) then//The functions upper and lower calculate respectively ulcand llc value from new received ratings using theEquations (2) and (3).ulc upper (rtg, α)llc lower (rtg, α)For i 1 to m//initialise an oldScore valueIf newRepScore value exists then //It is alreadycalculatedoldScore newRepScoreElse If oldrepscore value does not exist then// oldScore is initialized by a first ratingoldScore rtg[1]/100Else oldScore oldrepscoreEndIfEndIfnewRepScore α*rtg[i]/100 (1-α)oldScoreIf ((newRepScore ulc) or (newRepScore llc)) then//newRepScore lies within the critical region. In this case, itsvalue will be ignored and not be taken into account in acalculation processnewRepScore oldScoreEndIfEndForReturn newRepScoreEndIfElse Return -1Enddepends on the impact of each parameter on TLcomputation process. It is described in the followingsteps: Step 1: Initially, we may not get any rating fromCHs. Then, the TLoCA is initialized by the SL valueusing an equation 7, as follow:(6) Step 2: In this step, few CHs may utilize ourframework and leave their appreciation for a specificCA that has been issue them certificates. In this case,the CA reputation can not be judged on the basis ofthe low number of CHs. As a result, we assign toRepScore the weight 0.25 which must be lower than that ofSL. Step 3: When CHs number grows and achieves athreshold value, we augment the weight value ofRepScore (w1 0.75). It is higher than that of SL.The algorithm 2 presents the TLoCA calculation.The computed level would be included in a threshold[0,1].469

Journal of Internet Technology and Secured Transactions (JITST), Volume 5, Issue 2, June 2016Algorithm 2. Trust level calculationFunction trustlevel (idCA,RepScore,SLoCA,m,n)Input : idCA id of a CARepScore is a CA reputation scoreSLoCA is a CA security leveln is a threshold valuem is CHs number that provide their feedbackOutput: TLoCA is a CA trust levelIf Repscore value does not exist thenTLoCA SLoCAElseIf (m n) thenTLoCA 0.25* RepScore 0.75*SLoCAElse TLoCA 0.75* RepScore 0.25*SLoCAEndifEndifReturn TLoCAEndLife-Cycle Operational Requirements 5)Facilities,Management, and Operational controls 6)TechnicalSecurity Controls 7)Certificate, CRL, and OCSPProfile 8)Compliance Audit 9)Other business andLegal MattersThe proposed XML format of a CP is as follows:There are four trust levels: high trust, mediumtrust, low trust, and no trust. The high trust level isincluded in (0.75,1], whereas the minimal valuerepresenting the case of “no trust” belongs to therange [0,0.25]. If a trust level is low, its related valueis included in (0.25,0.5]. Finally, the medium trustlevel is represented by the values including in(0.5,0.75].5.3. Calculating the CPQEach CA issues a certificate based on its CP/CPSwhich describes the set of rules maintained by the CAduring the certificate life cycle. CP is then animportant document to evaluate the certificate trustlevel. It may be written by a language different fromthe RP’s language and very long. Thus, it can containthe difficult terms that RPs do not understand them.For these reasons, it is difficult for RPs to judge it. Infact, it is needed to automate the CP interpretationprocess which can help RPs to make trust decisionabout a received certificate.In this paper, we present an automated process forevaluating the procedures described in the publishedCP. In fact, we present an algorithm for calculating aCPQ which indicates that these indicated proceduresare weak or rigorous. Firstly, we represent CPdocument, which is based on a RFC 3647 templatestandard, in digital form. The more a policy isformalized, the more the evaluation process is easilyachieved by an automatic machine [20]. We translatethen it into XML format in order to represent it as treestructure which is described in RFC 3647, manipulateit easily and parse it for calculating a CPQ value (seeFigure 2).The translation process is made accordingto the rules that will be discussed in a future paper.The formal presentation of CP is defined anddetailed in the Internet RFC3647 [19]. Thispresentation is not standard but it is broadly utilizedby all the Internet Community [20]. Therefore, we useits structure for CP formalization. The nine primarycomponents suggested by RFC 3647 [19] are show asfollow:1)Introduction2)Publication and repository3)Identification and Authentication 4)CertificateCopyright 2016, Infonomics SocietyFigure 3: Proposed XML CPWithin the framework of the RFC 3647, a CPcomposes of components, which can be containedmultiple subcomponents, and a subcomponent maycomprise several elements.For instance, the component ‘Technical SecurityControls’ composes of the eight subcomponents: ‘keypair generation and installation’, ‘private keyprotection and cryptographic module engineeringcontrols’, ‘time-stamping’, etc. As illustrated inFigure 2, the subcomponent ‘key pair generation andinstallation’ consists of several elements. Eachelement may comprise multiple contents.The algorithm 3 presents a calculation process ofCPQ value. It takes a XML CP file as input which isparsed using a DOM parser. This parser models it in atree structure (XML DOM tree) for manipulating iteasily. First, we extract its root element and use thefunction ‘getchildren’ as explained in algorithm 4 toobtain its children nodes. Then, we traverse XMLDOM tree a node by node in order to extract from itthe information needed to calculate a CPQ valueautomatically.In addition, we calculate a score of eachcomponent using the function ‘score comp’explained in algorithm 5. We sum all the computedscore values and divide the result on the componentnumber:(7)470

Journal of Internet Technology and Secured Transactions (JITST), Volume 5, Issue 2, June 2016Algorithm 3. Basic algorithmMain()Input : XML FILE as an XML Dom tree DOutput: CPQ is a certificate policy quality valueDefine the following variables:scorei : score of each component ilistcomponent: list of all componentschildren: list of node childrenInitialize sum 0//Parse the XML policy file and return an object of class‘dom document’D xmldocfile(‘policy.xml’)// get the root noderoot (D root())//get its children. Function getchildren returns an array ofchildren, give

in the X.509 PKI model. They introduce three category of trust in the X.509 PKI: PKI trust, policy trust, and authentication trust. Each category of trust is evaluated by a calculated trust value. This value is represented by using an ASN.1 structure and included in X.509 model in order to allow user to

Related Documents:

Charitable Gi t Annuity LEAD TRUST PAYOUTS A lead trust makes payments to charity in one of two ways: Lead Annuity Trust With a lead annuity trust, the trust pays a fixed amount each year regardless of the current value of the trust. There is a potential for growth in the trust because the annuity is fixed and the trust principal can compound.

stair pressurization fan condensing units, typ. of (3) elevator overrun stair pressurization fan november 2, 2016. nadaaa perkins will ]mit ]] ]site 4 october 21 2016 10 7'-3" hayward level 1 level 2 level 3 level 4 level 5 level 6 level 7 level 1 level 2 level 3 level 4 level 5 level 6 level 7 level 8 level 9 level 10 level 11 level 12

A-Best Asbestos Settlement Trust AC&S Asbestos Settlement Trust Amatex Asbestos Disease Trust Fund APG Asbestos Trust APl, luc. Asbestos Seltlement Trust Annstrong World Industries Asbestos Personal Injury Settlen ent Trust AlZTR.4 524(g) Asbestos Trust ASARCO L1.C Asbestos

10.00% TD Capital Trust IV Notes-Series 2 Due June 30, 2108 (TD CaTS IV - Series 2) _ TD Capital Trust IVTM (the "Trust") is a trust established under the laws of Ontario pursuant to a declaration of trust dated as of January 7, 2009, as amended and restated from time to time (the "Declaration of Trust"). .

Nothing Is as Fast as the Speed of Trust TRUST ISSUES AFFECT EVERYONE GETTING A HANDLE ON TRUST Simply put, trust means confidence. The opposite of trust — distrust — is suspicion. (5) In a high-trust relationship, you can say the wrong thing, and people will still get your meaning. In

bases. Calculating the pH of a strong acid The ionic product of water K W, calculating the pH of water at different temperatures, calculating the pH of a strong base. The acid dissociation constant K a and calculating the pH of a weak acid Acid –base titrations Choice of indicators for titrations Buffer solutions and calculations

Wishy-Washy Level 2, Pink Level 3, Red Level 3, Red Level 4, Red Level 2, Pink Level 3, Red Level 3, Red Level 4, Red Level 3, Red Level 4, Red Level 4, Red Titles in the Series Level 3, Red Level 3, Red Level 4, Red Level 3, Red Also available as Big Books There Was an Old Woman. You think the old woman swallowed a fly? Kao! This is our

3 For referenced ASTM standards, visit the ASTM website, www.astm.org, or contact ASTM Customer Service at service@astm.org. For Annual Book of ASTM Standards volume information, refer to the standard’s Document Summary page on the ASTM website. 4 Withdrawn. 5 Available fromAmerican Concrete Institute (ACI), P.O. Box 9094, Farmington