Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesExtending Certificates

June 1997 / Cover Story / Who Goes There? / Extending Certificates

Certificates were invented to guarantee public keys, but they can do much more. That's because each certificate consists of an extendible set of fields. Some fields are predefined. But you can add as many as you want. Corporations might want to create strong certificate structures that carry additional information about the privileges given to the holder. For example, a certificate could set a limit on the size of a contract that an employee can guarantee. The corp orate treasurer, for instance, might have a certificate that backs up a digital signature applied to any contract, no matter how large. A new, entry-level employee, on the other hand, might get a certificate that can spend only small amounts (say $100).

There are no limits to the fields that can be added to a certificate. It's easy to imagine certificates that specify the level of travel allowed (first class versus coach), the type of parking, the access to particular financial docu ments, or even the key to the executive washroom. Each corporation can choose to implement these fields differently.

IBM is planning on helping companies add certificate-level security to their personnel data. This is the type of all-encompassing job that certificate-minting software companies need to justify a large installation at a company. This type of system would allow people to check information about their benefits 401(k) plans, and other personal business that an employer is ob ligated to keep private.

Corporate certificate structures could also be moved to a web structure. The entry-level employee might get only a general signature, issued like an ID by the security department, while top management's certificates would be guaranteed by the personal digital signatures of the board of directors. Access to financial documents might require a certificate guaranteed by the comptroller's office, and in the case of special projects, compartmentalized security could be insured by requiring that someone's certificate bears the signature of the project manager.

Up to the Cover Story section contentsGo to previous article: Extending CertificatesGo to next article: Certificate SystemsSearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM  
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network