PKI Architectures

Issuing a certificate to a subject for a specific purpose is essentially a statement by the issuer that it has verified the subject's identity claim according to its verification policies for that purpose. Anyone relying on the certificate to prove the identity of its owner is therefore relying on the issuer's statement. Say that Charlie is a CA and everyone trusts Charlie to ascertain the identity of individuals and issue certificates. Now someone presents Alice with a certificate issued by Charlie in Bob's name and proves possession of the corresponding private key. After verifying that the certificate has not expired and has not been placed in a CRL, Alice would trust that someone to be ...
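The checks Alice performs in the scenario above, as an added Python example using the third-party `cryptography` package (it is not code from the book). The function names, the second party Mallory, the P-256 ECDSA keys and the signed-nonce challenge used as proof of possession are assumptions made for illustration, and every certificate and the CRL are constructed test data.

```python
import datetime as dt, os
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC, DAY, SHA = dt.timezone.utc, dt.timedelta(days=1), hashes.SHA256()
NOW, ECDSA = dt.datetime.now(UTC), ec.ECDSA(SHA)
BOB, CHARLIE = (x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, n)]) for n in ("Bob", "Charlie"))

def issue(pub, signer, start=NOW - DAY, end=NOW + 30 * DAY):  # constructed test cert for Bob
    b = x509.CertificateBuilder().subject_name(BOB).issuer_name(CHARLIE).public_key(pub)
    b = b.serial_number(x509.random_serial_number()).not_valid_before(start)
    return b.not_valid_after(end).sign(signer, SHA)

def make_crl(ca_key, serial):  # constructed CRL from Charlie with one revoked serial
    r = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW - DAY)
    b = x509.CertificateRevocationListBuilder().issuer_name(CHARLIE).add_revoked_certificate(r.build())
    return b.last_update(NOW - DAY).next_update(NOW + DAY).sign(ca_key, SHA)

def alice_checks(cert, ca_pub, crl, nonce, proof):
    """Return 'ok' or the name of the first check that failed."""
    try:  # the certificate must really be Charlie's signed statement
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes, ECDSA)
    except InvalidSignature:
        return "untrusted issuer"
    start, end = (getattr(cert, a + "_utc", None) or getattr(cert, a).replace(tzinfo=UTC)
                  for a in ("not_valid_before", "not_valid_after"))  # *_utc: cryptography >= 42
    if not start <= NOW <= end:
        return "expired"
    if not crl.is_signature_valid(ca_pub):  # a CRL is only useful if Charlie signed it
        return "bad CRL"
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    try:  # the presenter must sign Alice's fresh nonce with the certified key
        cert.public_key().verify(proof, nonce, ECDSA)
    except InvalidSignature:
        return "no proof of possession"
    return "ok"

def demo():
    ca, bob, mallory = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    good, gone = (issue(bob.public_key(), ca) for _ in range(2))
    old = issue(bob.public_key(), ca, NOW - 10 * DAY, NOW - 2 * DAY)
    forged = issue(mallory.public_key(), mallory)  # claims Charlie as issuer, signed by Mallory
    crl, nonce = make_crl(ca, gone.serial_number), os.urandom(32)
    run = lambda c, key: alice_checks(c, ca.public_key(), crl, nonce, key.sign(nonce, ECDSA))
    return [run(good, bob), run(gone, bob), run(old, bob), run(forged, mallory), run(good, mallory)]
```

The last case in `demo()` is a genuine, unexpired, unrevoked certificate for Bob presented by someone who does not hold Bob's private key, which is why the proof-of-possession step is needed in addition to the certificate checks.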

Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with the O’Reilly learning platform.
