Active certificates: a new paradigm in digital certificate management

摘要

Digital certificates form the basis for trust among entities in distributed systems. Current digital certificates are passive entities (i.e., they contain only data). The passive nature of the certificates has greatly limited the scope of use of the certificates. In addition, the data-only certificates also limit the architectures supporting the certificate management and verification. We propose the concept of active certificates - certificates that contain both data and executable code. With this new concept, the use of certificates can now be extended to other areas such as authorization, privilege management, and access control. More importantly, it gives rise to the possibility of more flexibility in system architectures. We discuss the active certificate concept, some candidate architectures for certificate management, and application areas for the concept.