The X.509 specification defines a standard format for public key certificates and for the Public Key Infrastructure (PKI) used to manage them. An X.509 certificate is a digital document that binds a subject’s identity claims to the public key of a public/private asymmetric key pair. Identity claims are normally meaningful to humans, such as a person’s full name or e-mail address, or a machine’s host name or domain name. The binding is endorsed by a trusted third party known as a Certificate Authority (CA), which signs the certificate with its own private key. A relying party accepts the binding only after verifying that signature against a CA it already trusts, and after checking that the certificate is within its validity period and names the subject it expects.

See the following topics for more information:


Use of X.509 Certificates in Patterns

The use of X.509 certificates for third party authentication, data origin authentication, and data confidentiality is described in the following Web service security pattern documents:

References

http://www.rsasecurity.com/rsalabs/node.asp?id=2277

http://www.rsasecurity.com/rsalabs/node.asp?id=2293

http://www.oasis-open.org/specs/index.php#wssv1.0

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/operations/ipsec.mspx

Kaufman, C., Perlman, R., and Speciner, M. Network Security – PRIVATE Communication in a PUBLIC World. Upper Saddle River, NJ: Prentice Hall PTR, 2002.


Microsoft Confidential. © 2005 Microsoft Corporation. All rights reserved. By using or providing feedback on these materials, you agree to the attached license agreement.