Authorization certificate

In computer security, an attribute certificate, or authorization certificate (AC) is a digital document containing attributes associated to the holder by the issuer. When the associated attributes are mainly used for the purpose of authorization, AC is called authorization certificate. AC is standardized in X.509. RFC 5755 further specifies the usage for authorization purpose in the Internet. In computer security, an attribute certificate, or authorization certificate (AC) is a digital document containing attributes associated to the holder by the issuer. When the associated attributes are mainly used for the purpose of authorization, AC is called authorization certificate. AC is standardized in X.509. RFC 5755 further specifies the usage for authorization purpose in the Internet. The authorization certificate works in conjunction with a public key certificate (PKC). While the PKC is issued by a certificate authority (CA) and is used as a proof of identity of its holder like a passport, the authorization certificate is issued by an attribute authority (AA) and is used to characterize or entitle its holder like a visa. Because identity information seldom changes and has a long validity time while attribute information frequently changes or has a short validity time, separate certificates with different security rigours, validity times and issuers are necessary. An AC resembles a PKC but contains no public key because an AC verifier is under the control of the AC issuer, and therefore, trusts the issuer directly by having the public key of the issuer preinstalled. This means that once the AC issuer's private key is compromised, the issuer has to generate a new key pair and replaces the old public key in all verifiers under its control with the new one.