UseCondition Certificate
A UseCondition Certificate is a signed document that requires one or
more attributes as a condition for an operation on a named resource.
Taken together, all of the use-conditions define the group of entities
that are permitted to access a resource (object or groups of objects).
Each use-condition is, in effect, a piece of an access control list.
UseCondition Certificates are created and signed by resource
stakeholders. The stakeholder should store the Certificates in a directory
that is accessible by the Akenti server, e.g. in a Web Server, an LDAP server
or on the resource gateway machine.
```xml
<AkentiCertificate>
  <SignablePart>
    <Header type="UseCondition" SignatureDigestAlg="RSA-MD5" CanonAlg="AkentiV1">
      (...)
    </Header>
    <UseConditionCert scope="sub-tree" enable="false">
      <ResourceName>DieselCollab/PREServer/chad</ResourceName>
      <Condition>
        <Constraint>(( cn = Diane Gomes ) | ( cn = Mary R. Thompson ))</Constraint>
        <AttributeInfo type="X509">
          <AttrName>cn</AttrName>
          <AttrValue>Diane Gomes</AttrValue>
          <CADN>/C=US/O=Diesel Combustion Collaboratory/OU=SNL/CN=DieselCert.ca.sandia.gov</CADN>
        </AttributeInfo>
        <AttributeInfo type="X509">
          <AttrName>cn</AttrName>
          <AttrValue>Mary R. Thompson</AttrValue>
          <CADN>/C=US/O=LBNL/OU=ICSD/CN=IDCG-CA</CADN>
        </AttributeInfo>
      </Condition>
      <Rights>read,execute</Rights>
    </UseConditionCert>
  </SignablePart>
</AkentiCertificate>
```
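How a single use-condition like the one above acts as one access-control entry, as an added Python example (not Akenti's own code; `parse_use_condition` and `rights_for` are hypothetical names). It assumes that each `AttributeInfo` names the CA trusted to assert that attribute value, that `scope="sub-tree"` extends the condition to resources below the named one, and it accepts only the flat OR form of `Constraint` shown on this page, rejecting anything else.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the certificate shown above with the elided header body
# dropped. It carries no signature, so nothing here proves authenticity.
SAMPLE = """<AkentiCertificate><SignablePart>
<Header type="UseCondition" SignatureDigestAlg="RSA-MD5" CanonAlg="AkentiV1"/>
<UseConditionCert scope="sub-tree" enable="false">
<ResourceName>DieselCollab/PREServer/chad</ResourceName>
<Condition>
<Constraint>(( cn = Diane Gomes ) | ( cn = Mary R. Thompson ))</Constraint>
<AttributeInfo type="X509"><AttrName>cn</AttrName><AttrValue>Diane Gomes</AttrValue>
<CADN>/C=US/O=Diesel Combustion Collaboratory/OU=SNL/CN=DieselCert.ca.sandia.gov</CADN></AttributeInfo>
<AttributeInfo type="X509"><AttrName>cn</AttrName><AttrValue>Mary R. Thompson</AttrValue>
<CADN>/C=US/O=LBNL/OU=ICSD/CN=IDCG-CA</CADN></AttributeInfo>
</Condition><Rights>read,execute</Rights>
</UseConditionCert></SignablePart></AkentiCertificate>"""

# One "( name = value )" term of the constraint expression.
TERM = re.compile(r"\(\s*(\w+)\s*=\s*([^()|&]+?)\s*\)")

def parse_use_condition(xml_text):
    root = ET.fromstring(xml_text)
    header = root.find("SignablePart/Header")
    cert = root.find("SignablePart/UseConditionCert")
    if header is None or cert is None or header.get("type") != "UseCondition":
        raise ValueError("not a UseCondition certificate")
    text = cert.findtext("Condition/Constraint", "")
    terms = TERM.findall(text)
    # Fail closed: only a flat OR of terms is understood by this sketch.
    if not terms or re.sub(r"[\s()|]", "", TERM.sub("", text)):
        raise ValueError("unsupported constraint: " + text)
    # (attribute name, value) -> DN of the CA trusted to assert it (assumed meaning).
    issuers = {(a.findtext("AttrName", "").strip(), a.findtext("AttrValue", "").strip()):
               a.findtext("CADN", "").strip() for a in cert.iter("AttributeInfo")}
    rights = {r.strip() for r in cert.findtext("Rights", "").split(",") if r.strip()}
    # MD5 is collision-broken, so the digest is surfaced for the caller to judge.
    return {"resource": cert.findtext("ResourceName", "").strip(),
            "scope": cert.get("scope"), "terms": terms, "issuers": issuers,
            "rights": rights, "digest": header.get("SignatureDigestAlg")}

def rights_for(uc, resource, presented):
    """presented: set of (attr_name, attr_value, issuer_dn) from validated certificates."""
    base = uc["resource"]
    covered = resource == base or (uc["scope"] == "sub-tree" and resource.startswith(base + "/"))
    # A term counts only when the attribute was asserted by the CA listed for it.
    ok = any((n, v, uc["issuers"].get((n, v))) in presented for n, v in uc["terms"])
    return uc["rights"] if covered and ok else set()
```

The rights returned are those of this one certificate only; the overall decision combines every use-condition that applies to the resource.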