In certain systems, it may be a
string representing a username, some means for verifying the
corresponding password, a set of permissions codified in some
way, and the home directory; in others, it may contain something
more or something less, but that is the basic idea. What
does it mean, in practical terms, that the account is a managed
resource? It means that the network handles its creation, provisioning,
maintenance, and deletion. The network governance
can exercise complete control over the account itself. In such a
situation, assigning a certificate to every account on the network
is reasonably easy. The network can have its own CA, which
can issue a certificate as part of provisioning an
account; the network itself can take care of distributing the
certificate to the appropriate locations; again, the network can take
care of prompting a certificate renewal when the time comes, enforce
certificate revocation when appropriate, and verify proper
usage at every step. It is also easy to get every service and resource
in the network to trust certificates issued by the corporate
CA because everything lies under the umbrella of the same
authority.
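
The lifecycle described above can be sketched with the `openssl` command line. This is an added example, not code from the original text: the function names, the account name passed in, and the "Example Corp CA" subject are assumptions, and it builds a throwaway CA in a temporary directory.

```shell
# Constructed demo: throwaway corporate CA in a temp dir; all names are hypothetical.
PKI=$(mktemp -d)

ca_init() {  # done once: the network stands up its own CA and an empty CRL
  : > "$PKI/index.txt"; echo 1000 > "$PKI/serial"; echo 1000 > "$PKI/crlnumber"
  cat > "$PKI/ca.cnf" <<EOF
[ca]
default_ca = corp
[corp]
database = $PKI/index.txt
new_certs_dir = $PKI
serial = $PKI/serial
crlnumber = $PKI/crlnumber
certificate = $PKI/ca.crt
private_key = $PKI/ca.key
default_md = sha256
default_days = 90
default_crl_days = 1
policy = pol
[pol]
commonName = supplied
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Corp CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$PKI/ca.cnf" \
    -keyout "$PKI/ca.key" -out "$PKI/ca.crt" 2>/dev/null &&
  openssl ca -config "$PKI/ca.cnf" -gencrl -out "$PKI/ca.crl" 2>/dev/null
}

provision() {  # account creation: key pair, CSR, certificate signed by the corporate CA
  openssl req -new -newkey rsa:2048 -nodes -config "$PKI/ca.cnf" -subj "/CN=$1" \
    -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null &&
  openssl ca -config "$PKI/ca.cnf" -batch -notext -in "$PKI/$1.csr" -out "$PKI/$1.crt" 2>/dev/null
}

deprovision() {  # account deletion: revoke the certificate and publish a fresh CRL
  openssl ca -config "$PKI/ca.cnf" -revoke "$PKI/$1.crt" 2>/dev/null &&
  openssl ca -config "$PKI/ca.cnf" -gencrl -out "$PKI/ca.crl" 2>/dev/null
}

accepts() {  # what every service does: chain to the one CA and check revocation
  openssl verify -CAfile "$PKI/ca.crt" -CRLfile "$PKI/ca.crl" -crl_check "$PKI/$1.crt" >/dev/null 2>&1
}
```

Every service needs only `ca.crt` and the current CRL to make its decision, which is why trust is easy to establish when one authority controls both the accounts and the CA.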