UseCondition Certificate


A UseCondition Certificate is a signed document that requires one or more attributes as a condition for an operation on a named resource. Taken together, all of the use-conditions define the group of entities that are permitted to access a resource (an object or groups of objects). Each use-condition is, in effect, a piece of an access control list. UseCondition Certificates are created and signed by resource stakeholders. The stakeholder should store the Certificates in a directory that is accessible by the Akenti server, e.g., in a Web Server, an LDAP server or on the resource gateway machine.

Contents of Use Condition Certificate

Example of XML Use Condition Certificate

<AkentiCertificate>
  <SignablePart>
    <Header type="UseCondition" SignatureDigestAlg="RSA-MD5" CanonAlg="AkentiV1">
        (...)
    </Header>
    <UseConditionCert scope="sub-tree" enable="false">
      <ResourceName>DieselCollab/PREServer/chad </ResourceName>
      <Condition>
        <Constraint>(( cn = Diane Gomes ) | ( cn = Mary R. Thompson ))</Constraint>
        <AttributeInfo type="X509">
          <AttrName>cn</AttrName>
          <AttrValue>Diane Gomes</AttrValue>
          <CADN>/C=US/O=Diesel Combustion Collaboratory/OU=SNL/CN=DieselCert.ca.sandia.gov </CADN>
        </AttributeInfo>
        <AttributeInfo type="X509">
          <AttrName>cn</AttrName>
          <AttrValue>Mary R. Thompson</AttrValue>
          <CADN>/C=US/O=LBNL/OU=ICSD/CN=IDCG-CA</CADN>
        </AttributeInfo>
      </Condition>
      <Rights>read,execute </Rights>
    </UseConditionCert>
  </SignablePart>
</AkentiCertificate>
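
The following is an added example, not Akenti code and not part of the original page. It shows how a policy check could read the use-condition above and grant the listed rights only when the constraint holds for attributes issued by the CA named in the matching AttributeInfo. Assumptions: the constraint grammar is limited to `( name = value )` terms joined by `|` and `&`; signature verification and the `scope` and `enable` attributes are not handled; `evaluate` and `rights_for` are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample: the page's certificate, condensed, with the Header element omitted.
CERT = """<AkentiCertificate><SignablePart><UseConditionCert scope="sub-tree" enable="false">
<ResourceName>DieselCollab/PREServer/chad </ResourceName><Condition>
<Constraint>(( cn = Diane Gomes ) | ( cn = Mary R. Thompson ))</Constraint>
<AttributeInfo type="X509"><AttrName>cn</AttrName><AttrValue>Diane Gomes</AttrValue>
<CADN>/C=US/O=Diesel Combustion Collaboratory/OU=SNL/CN=DieselCert.ca.sandia.gov </CADN></AttributeInfo>
<AttributeInfo type="X509"><AttrName>cn</AttrName><AttrValue>Mary R. Thompson</AttrValue>
<CADN>/C=US/O=LBNL/OU=ICSD/CN=IDCG-CA</CADN></AttributeInfo></Condition>
<Rights>read,execute </Rights></UseConditionCert></SignablePart></AkentiCertificate>"""
TERM = re.compile(r"\(\s*([^()=|&]+?)\s*=\s*([^()|&]+?)\s*\)")  # "( name = value )"

def evaluate(constraint, satisfied):
    """Evaluate '=' terms joined by | and & with parentheses (assumed grammar)."""
    flat = TERM.sub(lambda m: "T" if m.groups() in satisfied else "F", constraint)
    tokens = list(re.sub(r"\s+", "", flat)) + ["$"]  # "$" marks end of input
    def atom():
        tok = tokens.pop(0)
        if tok == "(":
            value = level("|&")
            if tokens.pop(0) != ")":
                raise ValueError("unbalanced parentheses")
            return value
        if tok not in ("T", "F"):
            raise ValueError("unexpected token " + tok)
        return tok == "T"
    def level(ops):  # ops[0] binds loosest, so "&" binds tighter than "|"
        if not ops:
            return atom()
        values = [level(ops[1:])]
        while tokens[0] == ops[0]:
            tokens.pop(0)
            values.append(level(ops[1:]))
        return all(values) if ops[0] == "&" else any(values)
    result = level("|&")
    if tokens != ["$"]:
        raise ValueError("trailing tokens in constraint")
    return result

def rights_for(cert_xml, presented):
    """presented: (name, value, issuer CA DN) triples from already validated certificates."""
    uc = ET.fromstring(cert_xml).find("SignablePart/UseConditionCert")
    trusted = {tuple(a.findtext(t).strip() for t in ("AttrName", "AttrValue", "CADN"))
               for a in uc.iter("AttributeInfo")}
    # A value counts only if the CA listed for it in AttributeInfo is the one that issued it.
    satisfied = {(n, v) for (n, v, ca) in presented if (n, v, ca) in trusted}
    rights = [r.strip() for r in uc.findtext("Rights").split(",")]
    return rights if evaluate(uc.findtext("Condition/Constraint"), satisfied) else []
```

A `cn` of "Diane Gomes" asserted by the LBNL CA yields no rights here, because the certificate pairs that name with the Diesel Collaboratory CA only.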

See Akenti Certificate Specification for the complete details.