
Digital Identity

by Phillip J. Windley
August 2005
Content level: Beginner
256 pages
8h 26m
English
O'Reilly Media, Inc.
Content preview from Digital Identity

Digital Certificates and Access Control

We've seen how digital certificates can be used in an authentication infrastructure. Because the certificate is just a data structure that can be extended, it can also be used to store permissions and other authorization information, such as roles. The signature of the certificate authority ensures that these attributes can't be tampered with. The use of certificates in this way makes two important assumptions:

  • The roles, permissions, and entitlements regarding the subject of the certificate are static, and thus can be encoded in a certificate that is updated infrequently.

  • The chain of trust from the organization to the certificate authority is such that systems needing to use the permissions in the certificate can trust that they were set in accordance with the correct access-control policy.

The inflexibility of this system is its chief drawback. Changing access-control permissions requires revoking the old certificate and issuing a new one. Its primary strength is that permissions move with the certificate in a trustworthy way, negating the need for a complicated database infrastructure to store the permissions.
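The excerpt describes three properties: authorization attributes (here, roles) live inside the certificate, the certificate authority's signature makes them tamper-evident, and changing them means reissuing. The Go program below is an added example, not code from the book, that exercises all three with the standard library's x509 package. The CA name, the subject "alice", the role names and the private-enterprise OID used for the roles extension are all constructed for the example; a real deployment would use its own registered OID and add revocation checking (CRL or OCSP), which this example omits.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// oidRoles is a made-up private-enterprise OID for the roles extension
// (an assumption for this example; a real deployment registers its own arc).
var oidRoles = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// authorityCA stands in for the certificate authority that vouches for the
// roles it writes into subject certificates.
type authorityCA struct {
	key    *ecdsa.PrivateKey
	cert   *x509.Certificate
	serial int64
}

// newCA builds a self-signed CA certificate with the cert-signing key usage.
func newCA() (*authorityCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Authorization CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &authorityCA{key: key, cert: cert, serial: 1}, nil
}

// IssueWithRoles signs a subject certificate carrying the roles in a non-critical
// extension. Changing the roles later means issuing a new certificate (new serial)
// and revoking this one: the inflexibility the text points out.
func (ca *authorityCA) IssueWithRoles(subject string, roles []string) ([]byte, error) {
	subjKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rolesDER, err := asn1.Marshal(roles) // SEQUENCE OF PrintableString
	if err != nil {
		return nil, err
	}
	ca.serial++
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(ca.serial),
		Subject:         pkix.Name{CommonName: subject},
		NotBefore:       time.Now().Add(-time.Hour),
		NotAfter:        time.Now().Add(24 * time.Hour),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtKeyUsage:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		ExtraExtensions: []pkix.Extension{{Id: oidRoles, Critical: false, Value: rolesDER}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &subjKey.PublicKey, ca.key)
}

// RolesFrom is what a relying system does: verify the chain to the trusted CA
// first, and only then read the roles. An unverified certificate yields no roles.
func RolesFrom(der []byte, trusted *x509.Certificate) ([]string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("certificate not trusted: %w", err)
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidRoles) {
			var roles []string
			if _, err := asn1.Unmarshal(ext.Value, &roles); err != nil {
				return nil, err
			}
			return roles, nil
		}
	}
	return nil, errors.New("certificate carries no roles extension")
}

// TamperRoles simulates an unauthorized in-place edit of a role name (same length,
// so the DER structure stays valid) made without the CA key; the signature check
// in RolesFrom is what catches it.
func TamperRoles(der []byte, oldRole, newRole string) []byte {
	return bytes.Replace(der, []byte(oldRole), []byte(newRole), 1)
}

func main() {
	ca, err := newCA()
	if err != nil {
		panic(err)
	}
	der, err := ca.IssueWithRoles("alice", []string{"auditor", "reader"})
	if err != nil {
		panic(err)
	}
	roles, err := RolesFrom(der, ca.cert)
	fmt.Println("genuine:", roles, err)
	_, err = RolesFrom(TamperRoles(der, "auditor", "sysadmn"), ca.cert)
	fmt.Println("tampered:", err)
}
```

The order inside RolesFrom is the point for a relying system: chain verification before attribute extraction, so roles are only ever read from a certificate whose signature the trusted CA produced. The second assumption in the excerpt (that the CA set those roles according to the right policy) is not something the relying system can check from the certificate alone; it is a trust decision made when the CA is added to the root pool.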


ISBN: 0596008783