This kind of usage pattern is well suited to the static nature of certificates: the information a certificate conveys, the name of the website, and the cryptography necessary for secure communication are usually enough for a customer to decide whether he wants to do business with it. What are the shortcomings we observed when we applied the same technology to end users? Provisioning and maintenance are difficult, to begin with; then, there's the matter of the expressive power (credentials versus identity). On the other hand, we were really happy about the use of cryptography; it would be a real pity to forsake it.

The preceding considerations, and others not discussed here, led to the great success of the concept of an issued token. A token is in many ways similar to a certificate. It is a data structure that contains cryptographic material (keys), and it can be associated with known entities. It is, however, usually much more agile. It does not require a file format or complex stores on disk, it can be issued and used in a matter of milliseconds, it can have an extremely short expiration time, and, perhaps more important, it can contain statements about the entity it has been issued for.
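The properties listed above (a small data structure bound to a known subject, protected by cryptographic material, carrying statements about that subject, and expiring quickly) can be made concrete with a minimal issuer and validator. The following is an added illustration, not code from the book or from any specific token format: the key, the subject name, the claim names and the field names `sub`, `iat`, `exp` and `claims` are all constructed for the example. The validator shows the two failure modes a relying party must check before trusting any statement in the token: a signature that does not verify (the statements were altered after issuance) and a token whose short lifetime has already elapsed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key shared between issuer and validator (symmetric for brevity).
# A real issuer would keep this secret, or sign with a private key instead.
ISSUER_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, so the token is a single printable string."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    """Inverse of _b64: restore padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, claims, lifetime_seconds, now=None, key=ISSUER_KEY):
    """Issue a token: statements about `subject`, valid for `lifetime_seconds`.

    The returned string is <base64(payload)>.<base64(HMAC-SHA256(payload))>.
    Canonical JSON (sorted keys, no whitespace) keeps signing deterministic.
    """
    now = time.time() if now is None else now
    body = {
        "sub": subject,                       # the entity the token is issued for
        "iat": int(now),                      # issued-at time
        "exp": int(now) + lifetime_seconds,   # short expiration time
        "claims": claims,                     # statements about the subject
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    signature = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(signature)


def validate_token(token, now=None, key=ISSUER_KEY):
    """Return (body, "ok") if the token is authentic and unexpired, else (None, reason).

    Order matters: the signature is checked before any field of the payload is
    trusted, so a forged `exp` cannot extend a token's life.
    """
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None, "malformed"
    payload = _unb64(payload_b64)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking signature bytes through timing.
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        return None, "bad signature"
    body = json.loads(payload)
    if now >= body["exp"]:
        return None, "expired"
    return body, "ok"


if __name__ == "__main__":
    token = issue_token("alice", {"role": "buyer"}, lifetime_seconds=60, now=1000)
    print(validate_token(token, now=1030))  # authentic and still within its lifetime
    print(validate_token(token, now=1060))  # same token a minute later: expired
```

The fixed `now` argument exists only so the lifetime check can be demonstrated deterministically; in practice both issuer and validator read the clock, which is why short-lived tokens also demand reasonably synchronised clocks between the two parties.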