Chapter 8. Client-Side Digital Certificates
In the previous chapter, we looked at digital certificates for organizations. In this chapter, we’ll look at how digital certificates can certify the identity of individuals. We’ll also walk through the VeriSign Digital ID Center, the first certification authority to offer public services on the Web.
Client Certificates
A client certificate is a digital certificate that is designed to certify the identity of an individual. As with certificates for web sites, client certificates bind a particular name to a particular secret key. They are issued by certification authorities.
Client certificates have many uses and benefits:
Digital certificates can eliminate the need to remember usernames and passwords. You simply sign your digital signature whenever you enter a restricted space.
Instead of deploying a large distributed database, organizations can simply use a digital certificate issued by a particular CA as proof of membership in that organization.
Because signing your name with a digital certificate requires access to a secret key, it is harder for groups of individuals to share a single digital ID than it is for a group of people to share a username and password. This is because there are technical barriers to sharing secret keys between users, and because users may be unwilling to share a secret key that is used for more than one application. This is interesting to sites that have per-user charges for distributing information over the Internet. ...
Get Web Security and Commerce now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
