Authorization certificate

In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use. The permission can be delegated.

From RFC 3281 (Farrell, S.; Housley, R., "An Internet Attribute Certificate Profile for Authorization", RFC 3281), where PKC and AC refer to public key certificate and attribute certificate respectively:

Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A PKC can be considered to be like a passport: it identifies the holder, tends to last for a long time, and should not be trivial to obtain. An AC is more like an entry visa: it is typically issued by a different authority and does not last for as long a time. As acquiring an entry visa typically requires presenting a passport, getting a visa can be a simpler process.

A real-life example of this can be found in the mobile software deployments of large service providers; it is typically applied to platforms such as Microsoft Smartphone (and related), Symbian OS, J2ME, and others.

In each of these systems, a mobile communications service provider may customize the mobile terminal client distribution (i.e. the mobile phone operating system or application environment) to include one or more root certificates, each associated with a set of capabilities or permissions such as "update firmware", "access address book", "use radio interface", and the most basic one, "install and execute". When a developer wishes to enable distribution and execution in one of these controlled environments, they must acquire a certificate from an appropriate CA, typically a large commercial CA. In the process they usually have their identity verified using out-of-band mechanisms such as a combination of a phone call, validation of their legal entity through government and commercial databases, etc., similar to the high assurance SSL certificate vetting process, though there are often additional specific requirements imposed on would-be developers and publishers.

Once the identity has been validated, they are issued an identity certificate that they can use to sign their software. Generally, the software signed with the developer's or publisher's identity certificate is not distributed; rather, it is submitted to a processor, which may test or profile the content before generating an authorization certificate that is unique to the particular software release. That certificate is then used with an ephemeral asymmetric key pair to sign the software as the last step of preparation for distribution. Separating the identity and authorization certificates has many advantages, especially for mitigating the risk of new content being accepted into the system, for key management, and for recovery from errant software that can be used as an attack vector.

This solution spares the service or resource host from having to use large access control lists. It is similar to the idea of capabilities: the permission (or permissions) is stored with a protected pointer to the object rather than with the object itself.
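
The device-side decision this scheme implies, as an added example that is not taken from RFC 3281 or from any of the platforms named above. The field layout, the root names and the digest binding to one release are assumptions, and an HMAC stands in for the issuer's asymmetric signature so the block runs with the standard library alone.

```python
import hashlib, hmac, json
from dataclasses import dataclass, asdict

# Constructed trust store: root name -> verification key and the capabilities
# that root may grant. HMAC keys stand in for root public keys (assumption).
TRUST_STORE = {
    "root-basic": {"key": b"demo-basic", "caps": {"install and execute"}},
    "root-system": {"key": b"demo-system",
                    "caps": {"install and execute", "access address book"}},
}

@dataclass(frozen=True)
class AuthzCert:
    issuer: str          # root that issued the authorization
    holder: str          # digest of the publisher's identity certificate
    release_digest: str  # SHA-256 of the single release this covers
    capabilities: tuple  # permissions granted to that release
    not_before: int      # validity window, Unix seconds
    not_after: int

def sign(cert: AuthzCert, key: bytes) -> str:
    body = json.dumps(asdict(cert), sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def authorize(cert, sig, software, publisher_id, wanted, now) -> str:
    root = TRUST_STORE.get(cert.issuer)
    if root is None:
        return "deny: unknown issuer"
    if not hmac.compare_digest(sig, sign(cert, root["key"])):
        return "deny: bad signature"
    if not cert.not_before <= now <= cert.not_after:
        return "deny: outside validity period"
    if cert.holder != publisher_id:
        return "deny: holder mismatch"
    if hashlib.sha256(software).hexdigest() != cert.release_digest:
        return "deny: not the authorized release"
    # A root cannot grant more than the device associates with it.
    if not set(wanted) <= set(cert.capabilities) & root["caps"]:
        return "deny: capability not granted"
    return "allow"

# Constructed sample: one release authorized for one hour by root-basic.
RELEASE = b"app-1.0 binary"
PUBLISHER = hashlib.sha256(b"publisher identity certificate").hexdigest()
CERT = AuthzCert("root-basic", PUBLISHER, hashlib.sha256(RELEASE).hexdigest(),
                 ("install and execute", "access address book"), 1000, 4600)
SIG = sign(CERT, TRUST_STORE["root-basic"]["key"])
```

The sample certificate lists "access address book", but the device still refuses that capability because the issuing root is only associated with "install and execute".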

See also

* Public key certificate
* e-sign, e-imza, tr; also, for English, Qualified electronic certificate


External links

* SPKI/SDSI Certificate Documentation

Wikimedia Foundation. 2010.
