57 References 1. Urs Gasser and John G. Palfrey Jr. (2007, Nov.). Case Study: Digital Identity Interoperability and e-Innovation [Online]. Available:http://cyber.law.harvard.edu/interop/pdfs/interop-digital-id.pdf 2. Official website of Information and Communication Technology Agency of Sri Lanka (ICTA [Online]. Available:http://www.icta.lk Referred:Nov 2008 3. Official web site for OAuth. [Online]. Available:http://oauth.net/core/1.0/ Referred:Nov 2008 4. Official web site for OpenID. [Online]. Available:http://openid.net/ Referred:Nov 2008 5. Dmitry Stogov. (2008). Enabling OpenID. [Online]. Available:http://devzone.zend.com/content/zendcon_07_slides/Stogov_Dmitry _openid.pdf 6. J. G. Steiner, B. Clifford Neuman, and J.I. Schiller. (1988, February). Kerberos: An Authentication Service for Open Network Systems. Presented at Winter 1988 Usenix Conference. [Online]. Available:http://web.mit.edu/Kerberos/papers.html 7. William Stalling. (2005). Cryptography and Network Security, Principles and Practices. (3rd ed.) 8. Federal PKI Policy Authority Shared Service Provider Working Group. (2008 Jan.). X.509 Certificate and Certificate Revocation List (CRL) Extensions Profile for the Shared Service Providers (SSP) Program [Online]. Available:http://www.cio.gov/fpkipa/documents/CertCRLprofileForCP.pdf 9. Digital Library Federation (DLF) and the Corporation for Research and Educational Networking (CREN). (2008). Digital Certificate Infrastructure - Frequently Asked Questions. [Online]. Available:http://www.diglib.org/architectures/cren-dlf.pdf 10. Ing. Julius Lintner, RNDr. František Kaščák. (2002) THE PLACE AND ROLES OF THE CERTIFICATION AUTHORITY [Online]. Available:http://www.nbs.sk/BIATEC/BIA05_02/24_27.PDF 11. Michael Roe, Cambridge University Computer Laboratory, Computer Security Group. (1993 July) Certification Authority Requirements [Online]. Available:http://research.microsoft.com/users/mroe/CAREQ.PDF 58 12. Official web site for VeriSign. [Online]. Available:http://www.verisign.com/ Referred:Apr. 2008 13. RFC 2560 - X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP [Online]. Available:http://www.ietf.org/rfc/rfc2560.txt 14. AICPA/CICA. (2000, Aug.). WebTrust, Program for Certification Authorities - Version 1.0 [Online]. Available:http://www.cica.ca/multimedia/Download_Library/Standards/WebT rust/English/e_CertAuth.pdf 15. European Telecommunications Standards Institute. (2002, Apr.). Policy requirements for certification authorities issuing qualified certificates ETSI TS 101 456 V1.2.1,Technical Specification. [Online]. Available:http://www.neytendastofa.is/lisalib/getfile.aspx?itemid=964 16. B. Kaliski Network Working Group RSA Laboratories East (1998, March). PKCS #10: Certification Request Syntax, Version 1.5 [Online]. Available:http://www.isi.edu/in-notes/rfc2314.txt 17. Eddy Nigg, StartCom Ltd. (2007, Dec.). StartCom Free SSL Certification Authority Policy & Practices V1.5 [Online]. Available:http://cert.startcom.org/policy.pdf 18. RFC 2527 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. [Online]. Available:http://www.faqs.org/rfcs/rfc2527.html 19. Kailash N Gupta, Kamlesh N. Agarwala, Prateek A. Agarwala (2005). Digital Signature Network Security Practices (1st ed.) 20. CAcert the community Certification Authority (2008, Oct.) Certification Practice Statement (CPS) and Certificate Policy (CP) [Online]. Available:http://svn.cacert.org/CAcert/policy.htm 21. VeriSign (2008, June) Certification Practice Statement, Version 3.8[Online]. Available:http://www.verisign.com/repository/CPSv3.8_final.pdf 22. Parliament of The Democratic Socialist Republic of Sri Lanka. ELECTRONIC TRANSACTIONS ACT, No. 19 OF 2006 [Online]. Available:http://documents.gov.lk/Acts/2006/Electronic%20Transactions%20 %20Act%20%20No.%2019/Act%20No.%2019%20(E).pdf 23. Parliament of The Democratic Socialist Republic of Sri Lanka. COMPUTER CRIMES ACT, No. 24 OF 2007 [Online]. Available:http://www.icta.lk/pdf/Computer_Crimes_Act_No_24_of_2007(E). pdf