Authorization certificate
Encyclopedia
In computer security
, an attribute certificate (AC) is a digital
document containing attributes associated to the holder by the issuer. When the associated attributes are mainly used for authorization purpose, AC is called authorization certificate. AC is standardized in X.509
. RFC 3281 further specifies the usage of AC for authorization purpose in the Internet.
AC is the complement of public key certificate
(PKC). While PKC is issued by a CA
and is used as a proof of identity of its holder like a passport
, AC is issued by AA and is used to characterize or entitle its holder like a visa
. Because identity information seldom changes and has a long validity time while attribute information frequently changes or has a short validity time, separate certificates with different security rigours, validity times and issuers are necessary.
In addition to the absence of a public key, AC does not refer to the holder directly using identity information like in PKC but indirectly using the PKC. This means that the verification of an AC requires the presence of the PKC that is referred as the AC holder in the AC.
Similar to PKC, AC can be chained to delegate attributions. For example, an authorization certificate issued for Alice authorizes her to use a particular service. Alice can delegate this privilege to her assistant Bob by issuing an AC for Bob's PKC. When Bob wants to use the service, he presents his PKC and a chain of ACs starting from his own AC issued by Alice and then Alice's AC issued by the issuer that the service trusts. In this way, the service can verify that Alice has delegated her privilege to Bob and that Alice has been authorized to use the service by the issuer that controls the service. RFC 3281, however, does not recommend the use of AC chains because the complexity in administering and processing the chain is not worth the effort and there is little use of AC in the Internet.
For example, a software developer that already has a PKC
wants to deploy its software in a computing device employing DRM
like iPad
where software can only be run in the device after the software has been approved by the device manufacturer. The software developer signs the software with the private key of the PKC and sends the signed software to the device manufacturer for approval. After authenticating the developer using the PKC and reviewing the software, the manufacturer may decide to issue an AC granting the software the basic capability to install itself and be executed as well as an additional capability to use the Wi-Fi device following the principle of least privilege
. In this example, the AC does not refer to the PKC of the developer as the holder but to the software, for example, by storing the developer's signature of the software in the holder field of the AC. When the software is put into the computing device, the device will verify the integrity of the software using the developer's PKC before checking the validity of the AC and granting the software access to the device functionalities.
A user may also need to obtain several ACs from different issuers to use a particular service. For example, a company gives one of its employees a company-wide AC that specifies engineering department as the work area. To access engineering data, however, the employee also needs a security clearance AC from the head of the engineering department. In this example, the resource of engineering data needs to be preinstalled with the public keys of both the company-wide and the engineering department AC issuers.
Holder: the holder of the certificate.
Issuer: the issuer of the certificate.
Signature algorithm: the algorithm by which the certificate is signed.
Serial number: the unique issuance number given by the issuer.
Validity period: the validity period of the certificate.
Attributes: the attributes associated to the certificate holder.
Signature value: the signature of the issuer over the whole data above.
does not need to maintain an access control list
that can potentially be large or to always be connected to a network to access a central server like when using Kerberos. It is similar to the idea of capabilities
in which the permission (or permissions) to use a service or resource is not stored in the service or resource itself but in the users using a tamper resistance
mechanism.
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
, an attribute certificate (AC) is a digital
Digital
A digital system is a data technology that uses discrete values. By contrast, non-digital systems use a continuous range of values to represent information...
document containing attributes associated to the holder by the issuer. When the associated attributes are mainly used for authorization purpose, AC is called authorization certificate. AC is standardized in X.509
X.509
In cryptography, X.509 is an ITU-T standard for a public key infrastructure and Privilege Management Infrastructure . X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation...
. RFC 3281 further specifies the usage of AC for authorization purpose in the Internet.
AC is the complement of public key certificate
Public key certificate
In cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
(PKC). While PKC is issued by a CA
Certificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
and is used as a proof of identity of its holder like a passport
Passport
A passport is a document, issued by a national government, which certifies, for the purpose of international travel, the identity and nationality of its holder. The elements of identity are name, date of birth, sex, and place of birth....
, AC is issued by AA and is used to characterize or entitle its holder like a visa
Visa (document)
A visa is a document showing that a person is authorized to enter the territory for which it was issued, subject to permission of an immigration official at the time of actual entry. The authorization may be a document, but more commonly it is a stamp endorsed in the applicant's passport...
. Because identity information seldom changes and has a long validity time while attribute information frequently changes or has a short validity time, separate certificates with different security rigours, validity times and issuers are necessary.
Comparison of attribute and public key certificates
AC is similar to PKC except that AC contains no public key because an AC verifier is under the control of the AC issuer, and therefore, trusts the issuer directly by having the public key of the issuer preinstalled. This means that once the AC issuer's private key is compromised, the issuer has to generate a new key pair and replaces the old public key in all verifiers under its control with the new one.In addition to the absence of a public key, AC does not refer to the holder directly using identity information like in PKC but indirectly using the PKC. This means that the verification of an AC requires the presence of the PKC that is referred as the AC holder in the AC.
Similar to PKC, AC can be chained to delegate attributions. For example, an authorization certificate issued for Alice authorizes her to use a particular service. Alice can delegate this privilege to her assistant Bob by issuing an AC for Bob's PKC. When Bob wants to use the service, he presents his PKC and a chain of ACs starting from his own AC issued by Alice and then Alice's AC issued by the issuer that the service trusts. In this way, the service can verify that Alice has delegated her privilege to Bob and that Alice has been authorized to use the service by the issuer that controls the service. RFC 3281, however, does not recommend the use of AC chains because the complexity in administering and processing the chain is not worth the effort and there is little use of AC in the Internet.
Usage
To use a service or a resource that the issuer of an AC controls, a user presents both the PKC and the AC to a part of the service or resource that functions as an AC verifier. The verifier will first check the identity of the user using the PKC, for example, by asking the user to decrypt a message encrypted by the user's public key in the PKC. If the authentication is successful, the verifier will use the preinstalled public key of the AC issuer to check the validity of the presented AC. If the AC is valid, the verifier will check whether or not the PKC specified in the AC matches the presented PKC. If it matches, the verifier will check the validity period of the AC. If the AC is still valid, the verifier can perform additional checks before offering the user a particular level of service or resource usage in accordance to the attributes contained in the AC.For example, a software developer that already has a PKC
Public key certificate
In cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
wants to deploy its software in a computing device employing DRM
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
like iPad
IPad
The iPad is a line of tablet computers designed, developed and marketed by Apple Inc., primarily as a platform for audio-visual media including books, periodicals, movies, music, games, and web content. The iPad was introduced on January 27, 2010 by Apple's then-CEO Steve Jobs. Its size and...
where software can only be run in the device after the software has been approved by the device manufacturer. The software developer signs the software with the private key of the PKC and sends the signed software to the device manufacturer for approval. After authenticating the developer using the PKC and reviewing the software, the manufacturer may decide to issue an AC granting the software the basic capability to install itself and be executed as well as an additional capability to use the Wi-Fi device following the principle of least privilege
Principle of least privilege
In information security, computer science, and other fields, the principle of least privilege, also known as the principle of minimal privilege or just least privilege, requires that in a particular abstraction layer of a computing environment, every module must be able to access only the...
. In this example, the AC does not refer to the PKC of the developer as the holder but to the software, for example, by storing the developer's signature of the software in the holder field of the AC. When the software is put into the computing device, the device will verify the integrity of the software using the developer's PKC before checking the validity of the AC and granting the software access to the device functionalities.
A user may also need to obtain several ACs from different issuers to use a particular service. For example, a company gives one of its employees a company-wide AC that specifies engineering department as the work area. To access engineering data, however, the employee also needs a security clearance AC from the head of the engineering department. In this example, the resource of engineering data needs to be preinstalled with the public keys of both the company-wide and the engineering department AC issuers.
Contents of a typical attribute certificate
Version: the version of the certificate.Holder: the holder of the certificate.
Issuer: the issuer of the certificate.
Signature algorithm: the algorithm by which the certificate is signed.
Serial number: the unique issuance number given by the issuer.
Validity period: the validity period of the certificate.
Attributes: the attributes associated to the certificate holder.
Signature value: the signature of the issuer over the whole data above.
Benefits
Using attribute certificate, the service or resource hostHost (network)
A network host is a computer connected to a computer network. A network host may offer information resources, services, and applications to users or other nodes on the network. A network host is a network node that is assigned a network layer host address....
does not need to maintain an access control list
Access control list
An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
that can potentially be large or to always be connected to a network to access a central server like when using Kerberos. It is similar to the idea of capabilities
Capability-based security
Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights...
in which the permission (or permissions) to use a service or resource is not stored in the service or resource itself but in the users using a tamper resistance
Tamper resistance
Tamper resistance is resistance to tampering by either the normal users of a product, package, or system or others with physical access to it. There are many reasons for employing tamper resistance....
mechanism.
See also
- Public key certificatePublic key certificateIn cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
- Security Assertion Markup Language
- ShibbolethShibboleth (Internet2)Shibboleth is an Internet2 project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on Security Assertion Markup Language . Federated identity allows for information about users in one security domain...
- VomsVomsVOMS is an acronym used for Virtual Organization Membership Service in grid computing. It is structured as a simple account database with fixed formats for the information exchange and features single login, expiration time, backward compatibility, and multiple virtual organizations...