Defines frameworks for public-key infrastructure (PKI) and privilege management infrastructure (PMI). It specifies the following data types: public-key certificate, attribute certificate, certificate revocation list (CRL) and attribute certificate revocation list (ACRL). In addition, it defines entity types, such as certification authority (CA), attribute authority (AA), relying party, privilege verifier, trust broker and trust anchor. It includes a specification for authorization validation lists that allow for fast validation and restrictions on communications. It includes protocols necessary for maintaining authorization validation lists and a protocol for accessing a trust broker.