Authorization certificates
Goal
Authentication of clients
Exchange of authorization information between clients and servers
Solution
X.509v3 certificates with authorization extensions
Short validity period (for revocation)
Supported by most SSL-enabled browsers (IE, NS, Opera, ...)
Provides for both user authentication and for the exchange of access control information
Generated by the authorization server
Digital signature provides against forgery, unauthorized changes
José Kahan
13 of 16