Akenti Attribute Certificate


An attribute certificate certifies that a particular user as specified by a Distinguished Name (DN) possesses a value for a given attribute. The Attribute Certificate issuer signs the certificate and posts it to designated Web or LDAP servers.

Contents of Attribute Certificate


Example Attribute Certificate

Use Attribute.sh to generate these certificates. The exact order and content shown below are required; once the certificate has been signed, any change invalidates the signature.

<AkentiCertificate>
  <SignablePart>
    <Header type="Attribute" SignatureDigestAlg="RSA-MD5" CanonAlg="AkentiV1">
    (...)
    </Header>
    <AttributeCert>
      <SubjectAndCA>
        <UserDN>/C=US/O=LBNL/OU=ICSD/CN=Mary R. Thompson</UserDN>
        <CADN>/C=US/O=LBNL/OU=Certificate Authorities/CN=IDCG-CA</CADN>
      </SubjectAndCA>
      <AttrName>group</AttrName>
      <AttrValue>sysadmin</AttrValue>
      <Condition>
        <Constraint>(IP=131.243.2.11)</Constraint>
        <AttributeInfo type="SYSTEM">
          <AttrName>IP</AttrName>
          <AttrValue>ANY</AttrValue>
        </AttributeInfo>
      </Condition>
    </AttributeCert>
  </SignablePart>
</AkentiCertificate>

See Akenti Certificate Specification for the complete details.
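
As an added illustration (not code from the Akenti distribution), the following Python example reads a certificate laid out like the one above and surfaces what a relying party would review before trusting the claim: subject, issuing CA, attribute, any attached constraint, and the digest algorithm named in the header. The function name, the weak-digest policy set and the DOCTYPE rejection are assumptions of this example; it does not verify the signature, because the AkentiV1 canonicalization is defined in the specification rather than on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the certificate from this page, header body elided as "(...)".
SAMPLE = """<AkentiCertificate>
  <SignablePart>
    <Header type="Attribute" SignatureDigestAlg="RSA-MD5" CanonAlg="AkentiV1">(...)</Header>
    <AttributeCert>
      <SubjectAndCA>
        <UserDN>/C=US/O=LBNL/OU=ICSD/CN=Mary R. Thompson</UserDN>
        <CADN>/C=US/O=LBNL/OU=Certificate Authorities/CN=IDCG-CA</CADN>
      </SubjectAndCA>
      <AttrName>group</AttrName>
      <AttrValue>sysadmin</AttrValue>
      <Condition>
        <Constraint>(IP=131.243.2.11)</Constraint>
        <AttributeInfo type="SYSTEM"><AttrName>IP</AttrName><AttrValue>ANY</AttrValue></AttributeInfo>
      </Condition>
    </AttributeCert>
  </SignablePart>
</AkentiCertificate>"""

WEAK_DIGESTS = {"MD5", "SHA1"}  # assumption: a local policy list, not part of Akenti

def parse_attribute_cert(xml_text):
    """Return the certificate's claim as a dict. Does NOT verify the signature."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not expected here")
    root = ET.fromstring(xml_text)
    header = root.find("SignablePart/Header")
    cert = root.find("SignablePart/AttributeCert")
    if header is None or cert is None or header.get("type") != "Attribute":
        raise ValueError("not an attribute certificate")
    def required(path):
        # A bare tag such as "AttrName" matches direct children only, so the pair
        # nested in Condition/AttributeInfo cannot be mistaken for the claim itself.
        node = cert.find(path)
        if node is None or not (node.text or "").strip():
            raise ValueError("missing required element: " + path)
        return node.text.strip()
    alg = header.get("SignatureDigestAlg", "")
    constraint = cert.findtext("Condition/Constraint")
    return {
        "user_dn": required("SubjectAndCA/UserDN"),
        "ca_dn": required("SubjectAndCA/CADN"),
        "attribute": (required("AttrName"), required("AttrValue")),
        "constraint": constraint.strip() if constraint else None,
        "signature_alg": alg,
        "weak_digest": alg.split("-")[-1].upper() in WEAK_DIGESTS,
    }
```

For the sample, `weak_digest` is true because the header names RSA-MD5, and the non-empty `constraint` shows that the group claim is conditional rather than unconditional.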


Page last modified: Tuesday, 21-May-2002 19:52:44 PDT
Contact: MRThompson@lbl.gov <Akenti development group>
Credits: Distributed Security research and development is funded by the U.S. Dept. of Energy, Office of Science, Office of Advanced Scientific Computing Research, Mathematical, Information, and Computational Sciences Division.
