Isevisi idume kakhulu e-USA ngokuqashwa kude kwamaplumbers, ochwepheshe bezokushisisa nezokupholisa umoya, nokunye. E-Russia kukhona nezingosi ezifanayo: kulula kakhulu ukukhetha uchwepheshe ngokushesha. Nakuba ezimweni zamanje kungcono ukubethela leli shalofu ngokwakho ukuze ungaxhumani nanoma ubani nhlobo. Noma kunjalo, muva nje i-USAFact (umhlinzeki wokuhlola izinkulungwane zezinkampani, okuhlanganisa Ochwepheshe Besevisi) nge-GlobalSign ukuze kusetshenziswe ngokwezifiso Isevisi Yokusayina Kwedijithali, eyasetshenziswa ezinyangeni ezine - futhi manje isivumeleke ukuthi ihlolwe kusengaphambili bonke Ochwepheshe Besevisi.
Lesi isibonelo sendlela ongahlela ngayo umsebenzi okude wabasebenzi abaqashiwe ngokwenza imibhalo efanele. Okufanelekile esimweni samanje.
Izinkampani zishintshela kumasiginesha edijithali ngenxa yezinzuzo zazo ezicacile:
- Ukugeleza kwedokhumenti engenaphepha. Ukonga isikhathi, imali nezinsiza.
- Izinqubo zebhizinisi ezisebenzayo. Ukusayina nge-elekthronikhi kwenza konke okwenziwayo kube yinqubo elula.
- Amakhono eselula. Ukuxhumana phakathi kwenhlangano kanye namakhasimende kuba lula.
Ingqalasizinda yokhiye womphakathi (i-PKI) iqinisekisa ubuqotho futhi iqinisekisa ubunikazi bedokhumenti ngayinye. Izitembu zesikhathi ziqinisekisa isikhathi esasayinwa ngaso idokhumenti, esidingekayo ekwenzeni izinto okusekelwe esikhathini, ukunganqatshwa, nokugcinwa kwedatha ngezinjongo zokucwaninga. Lonke uhlelo lokuphatha amadokhumenti olunamasiginesha edijithali kufanele luhambisane nezidingo ezidingekayo ezisebenzayo ezweni elingaphansi kombuso, kanye nasemazweni lapho ozakwethu namakhasimende asebenza khona.
(i-DSS) iyinkundla enwebekayo, enikwe amandla i-API ukuze kukhishwe ngokushesha amasiginesha edijithali ehlinzeka:
- Sayina ngedijithali i-hashi yanoma iyiphi idokhumenti noma okwenziwayo kwedijithali ekusetheni kwe-PKI
- Ukukhishwa kwesitifiketi sesiginesha
- Ukusekelwa kwe-AATL ne-Microsoft Root
- Ukugcina okhiye abayimfihlo ngokusekelwe ku-HSM
- Ukubuyekezwa kwempendulo edingekayo ukuze kucwaningwe
- Izigxivizo ze-elekthronikhi ezithuthukisiwe futhi, uma sezigunyaziwe, amasignesha afanelekayo ahambisana nezinga le-eIDAS
Isevisi yefu yenza kube lula kakhulu ukuthunyelwa kwesistimu yokuphatha amadokhumenti ngokusekelwa kwamasignesha edijithali. Yonke imisebenzi imane idlule ku-API.
Uma sibuyela Kochwepheshe Besevisi, basanda kwethula umnikelo omusha oklanyelwe ukwenza ukuzizwisa kwekhasimende kube lula. Kodwa lokhu kwakudinga ikhono lokudala izinkontileka ezithembekile ezindlini zamaklayenti. Ochwepheshe Besevisi basebenze ne-USAFact ukuthuthukisa uhlelo lokusebenza lwewebhu oluhambise umthengisi wesevisi ngezibalo ezihlukahlukene, okubavumela ukuthi bafake ulwazi oludingekayo ngaphambi kokudala i-PDF engasayinwa nge-elekthronikhi futhi ithathwe. Lapho kuba sobala ukuthi isixazululo sokuqala sasingathembekile, i-USAFact yaqala ukufuna isixazululo esingcono. Ekugcineni wakhetha i-GlobalSign yohlelo lwakhe lwesiginesha yedijithali.
Ngemva kokuphothulwa kohlelo lokuhlola, Ochwepheshe Besevisi balindele ukuthumela i-DSS esekelwe efwini kuwo wonke amagatsha ase-US angu-94 kanye namahhovisi enkundla angu-600. Bonke abasebenzisi bangaqiniseka ukuthi noma yiluphi ulwazi oluqoqiwe luzohlala lwamanje futhi luvikelekile, kokubili manje nasesikhathini esizayo.
Isevisi Yokusayina Kwedijithali inikeza konke okudingayo ukuze usebenzise amasiginesha edijithali ngokuhlanganiswa okukodwa okulula kwe-REST API. Zonke izingxenye ezisekelayo ze-cryptographic, okuhlanganisa izitifiketi zokusayina, ukuphathwa kokhiye, iseva yesitembu sesikhathi, kanye nesevisi ye-OCSP noma ye-CRL, kunikezwa ngekholi ye-API eyodwa enokuthuthukiswa okuncane futhi azikho izingxenyekazi zekhompyutha zasendaweni okufanele ziphathwe.
Source: www.habr.com