PKI-based AAIs 3/5

• ITU-T X.509 v3 extension fields should only be used to carry authorization information that is stable and constant over time

• Otherwise, the use of attribute certificates (ACs) is advan-tageous and should be the preferred option

• An AC

  • is conceptually similar to a PAC
  • is issued and digitally signed by an attribute authority (AA)

• Unfortunately, ACs are not supported by many applications and application protocols (e.g., SSL/TLS)

• A DBMS can be used to link authorization information to public key certificates, and to implement a PMI accordingly

Previous slide

Next slide

Back to first slide

View graphic version