Authorization certificates

Goal

• Authentication of clients
• Exchange of authorization information between clients and servers

Solution

• X.509v3 certificates with authorization extensions
• Short validity period (for revocation)
• Supported by most SSL-enabled browsers (IE, NS, Opera, ...)
• Provides for both user authentication and for the exchange of access control information
• Generated by the authorization server
• Digital signature provides against forgery, unauthorized changes