Akenti Attribute Certificate


An attribute certificate certifies that a particular user, as specified by a Distinguished Name (DN), possesses a value for a given attribute. The attribute certificate issuer signs the certificate and posts it to designated Web or LDAP servers.

Contents of Attribute Certificate


Example Attribute Certificate

Use Attribute.sh to generate these certificates. The exact order and content are required, and once the certificate has been signed, any change invalidates the signature.

<AkentiCertificate>
  <SignablePart>
    <Header type="Attribute" SignatureDigestAlg="RSA-MD5" CanonAlg="AkentiV1">
      (...)
    </Header>
    <AttributeCert>
      <SubjectAndCA>
        <UserDN>/C=US/O=LBNL/OU=ICSD/CN=Mary R. Thompson</UserDN>
        <CADN>/C=US/O=LBNL/OU=Certificate Authorities/CN=IDCG-CA</CADN>
      </SubjectAndCA>
      <AttrName>group</AttrName>
      <AttrValue>sysadmin</AttrValue>
      <Condition>
        <Constraint>(IP=131.243.2.11)</Constraint>
        <AttributeInfo type="SYSTEM">
          <AttrName>IP</AttrName>
          <AttrValue>ANY</AttrValue>
        </AttributeInfo>
      </Condition>
    </AttributeCert>
  </SignablePart>
</AkentiCertificate>

See Akenti Certificate Specification for the complete details.
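
As an added example, not code from the original page or from the Akenti project, this Python function reads the fields of an attribute certificate laid out as in the example above and rejects a document whose elements are missing or out of order. It assumes the element order shown in the example is the required one and that Condition is optional; it does not verify the signature, so its output is only what the certificate claims.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the page's example; the elided Header body is left empty.
SAMPLE = """<AkentiCertificate>
  <SignablePart>
    <Header type="Attribute" SignatureDigestAlg="RSA-MD5" CanonAlg="AkentiV1"></Header>
    <AttributeCert>
      <SubjectAndCA>
        <UserDN>/C=US/O=LBNL/OU=ICSD/CN=Mary R. Thompson</UserDN>
        <CADN>/C=US/O=LBNL/OU=Certificate Authorities/CN=IDCG-CA</CADN>
      </SubjectAndCA>
      <AttrName>group</AttrName>
      <AttrValue>sysadmin</AttrValue>
      <Condition>
        <Constraint>(IP=131.243.2.11)</Constraint>
        <AttributeInfo type="SYSTEM"><AttrName>IP</AttrName><AttrValue>ANY</AttrValue></AttributeInfo>
      </Condition>
    </AttributeCert>
  </SignablePart>
</AkentiCertificate>"""

# Assumption: the child order shown in the page's example is the required order.
REQUIRED = ["SubjectAndCA", "AttrName", "AttrValue"]


def parse_attribute_cert(xml_text):
    """Return the claims in an attribute certificate; raise ValueError on a layout mismatch."""
    root = ET.fromstring(xml_text)
    header = root.find("SignablePart/Header")
    cert = root.find("SignablePart/AttributeCert")
    if root.tag != "AkentiCertificate" or header is None or cert is None:
        raise ValueError("not an Akenti certificate with a SignablePart")
    if header.get("type") != "Attribute":
        raise ValueError("Header type is not Attribute")
    tags = [child.tag for child in cert]
    # Assumption: Condition is optional and, when present, comes last.
    if tags[:3] != REQUIRED or tags[3:] not in ([], ["Condition"]):
        raise ValueError(f"unexpected element order: {tags}")
    subject = cert.find("SubjectAndCA")
    if [c.tag for c in subject] != ["UserDN", "CADN"]:
        raise ValueError("SubjectAndCA must hold UserDN then CADN")
    return {  # unverified claims: the signature is not checked here
        "user_dn": subject.findtext("UserDN"),
        "ca_dn": subject.findtext("CADN"),
        "attribute": (cert.findtext("AttrName"), cert.findtext("AttrValue")),
        "constraints": [c.text for c in cert.findall("Condition/Constraint")],
        "digest_alg": header.get("SignatureDigestAlg"),
    }
```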