Towards Web Security Using Plasma
...Plasma
The Script is stored together with the other media specific data objects into a Container by Plasma -- with the Container being a collection object maintaining its subobjects as a list.
...creation
The services non-repudiation and digital signature creation do not differ from a purely technical viewpoint; however, in the latter case the user must be given an opportunity to actively confirm that he wants to sign the given document.
...operation
A cryptographic algorithm is referred to herein as a protocol since, for example, in the case of the DES algorithm the protocol for reverting the encryption on behalf of the recipient is well defined.
...exchanged
For the necessary background on cryptographic material, refer for example to [15].
...service
The "protocol" None is for document parts which should not be treated cryptographically.
...Plasma
Through the object oriented design of the security platform Plasma, as described in [7], it is easily possible to integrate further generic security services into the platform.
...certificates
The certificate structures used in SecuDe comply with the X.509 authentication framework [15] which requires the existence of certification authorities for the certification of the asymmetric public keys.
...request
The Mosaic browser family offers a feature to access programs such as security platforms directly from the web client. To achieve this goal, the CCI was defined for the client side and on the server side the CGI specification was established.
...Plasma
Plasma on both sides is capable of securing several simultaneous communications, so a web server is able to serve several clients simultaneously and similarly a client is capable of starting several simultaneous requests to different servers using secure connections.
...DName
DNames are unique identifiers of the participating parties which are defined in the X.500 standards suite (cf. [15]).
...side
This requires the application on the client side to detect the condition that the API function putDocument() for cryptographic operations in the "to" direction must be called; therefore the request type ContRequest, which is also a Plasma packet, was introduced.
...Plasma
This requires the application on the client side to detect the condition that the API function for connection shutdown must be called; therefore the request type FinlRequest, also a Plasma packet, was introduced.
Annette Krannig
11/20/1997