16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana

Binding Identities and Attributes Using Digitally Signed Certificates

Joon S. Park
Naval Research Lab

Ravi Sandhu
George Mason Univ.

A certificate is digitally signed by a certificate authority (CA) to confirm that the information in the certificate is valid and belongs to the subject. Certificate users can verify the integrity and validity of a certificate by checking the issuing CA's digital signature in the certificate and, if necessary, chasing certificate chain and revocation lists. Usually, we use certificates to provide the integrity of identity or attribute information of the subject. Attributes must be coupled with the corresponding identities. In this paper, we introduce comprehensive approaches to bind identity and attribute certificates, identifying three different techniques: monolithic, autonomic, and chained signatures. We describe each technique and analyze the relative advantages and disadvantages of each.

Read Paper Read Paper (in PDF)