Akenti Attribute Certificate
Security Hompage
![]() ![]() ![]() ![]() |
An attribute certificate certifies that a particular user as specified by a
Distinguished Name (DN) possesses a value for a given attribute.
The Attribute Certificate issuer signs the certificate and posts it to
designated Web or LDAP servers.
Use Attribute.sh to generate these certificates. The exact order and content is required and once the certificate has been signed any changes will invalidate the signature.
<AkentiCertificate> <SignablePart> <Header type="Attribute" SignatureDigestAlg="RSA-MD5" CanonAlg="AkentiV1"> (...) </Header> <AttributeCert> <SubjectAndCA> <UserDN>/C=US/O=LBNL/OU=ICSD/CN=Mary R. Thompson</UserDN> <CADN>/C=US/O=LBNL/OU=Certificate Authorities/CN=IDCG-CA</CADN> </SubjectAndCA> <AttrName>group</AttrName> <AttrValue>sysadmin</AttrValue> <Condition> <Constraint>(IP=131.243.2.11)</Constraint> <AttributeInfo type="SYSTEM"> <AttrName>IP</AttrName> <AttrValue>ANY</AttrValue> </AttributeInfo> </Condition> </AttributeCert> </SignablePart> </AkentiCertificate>