ANSI/INCITS 539
Information Technology – Management of Security Credentials
| Organization: | ANSI |
| Publication Date: | 1 July 2016 |
| Status: | active |
| Page Count: | 159 |
scope:
Simple Identity Management Profile
The Simple Identity Management Profile (see clause 5) is a component profile that provides the ability to manage local accounts on a system and to represent the local system's view of a principal that is authenticated through a third-party authentication service. The Simple Identity Management Profile does not specify CIM-based mechanisms for performing the authentication of credentials.
Role Based Authorization Profile
The Role Based Authorization Profile (see clause 6) extends the management capability of the referencing profiles by adding the capability to model role-based authorization for a managed system. This profile is intended to be used for the representation of the authorization on a managed system. This profile is not intended to serve as a mechanism for the authorization. The relationship between authorization and security principals of the accounts and groups, as well as the profile's registration for the schema implementation version information, is also described.
Credential Management Profile
The Credential Management Profile (see clause 7) extends the management capability of the referencing profiles by adding the capability to model credentials including key-based credentials such as PKI public key infrastructure (PKI) and X509 and biometric credentials. The Credential Management profile is not intended to be used to represent the account and principal information. This profile is intended to be the base profile for representing credentials and to be specialized by specific types of credential management profiles.
Certificate Management Profile
The Certificate Management Profile (see clause 8) specializes the Credential Management profile (see clause 7) and extends the management capability of the referencing profiles by adding the capability to model and manage X509 certificates of the public key infrastructure (PKI). The Certificate Management Profile is not intended to serve as a mechanism for the digital identification. Creation, storage, and management of X509 certificates, public private key pairs, certificate revocation lists (CRL) and certificate signing requests (CSR) is detailed. Profile registration for the schema implementation version information is also described.
Document History
