Lockstep


Attribute Certificates and their Limitations

A critical review of "Attribute Certificates" and the problems associated with using them to convey special rights and credentials. First appeared in the Quarterly Journal of the PricewaterhouseCoopers Cryptographic Centre of Excellence, Issue 3, 2000. Reproduced with permission.

See also the more recent Lockstep whitepaper Relationship Certificates.

Attribute certificates are in vogue amongst some vendors and pundits for conveying business credentials independently of the holder's identity certificate. They are a new technology, supported by a handful of Certificate Authority (CA) vendors and only recently covered by the latest version of the X.509 digital certificate standard. They ought to be approached with caution on this basis alone. But more fundamentally, users should consider that 'identity' naturally comes in different guises, and should not be separated so strictly from 'attributes'. Traditional 'identity' certificates are in fact a powerful means for conveying business credentials in most e-business applications.

CCE Journal Issue 3[download, 1.28Mb]
© 2008 Lockstep Consulting ABN 59 593 754 482