Authentication Decisions
Chapter 4: Planning Your Deployment (page 179)
CMS managers use authentication modules to verify the identity of a user
requesting a service, such as certificate enrollment. For example, a user can be
prompted to provide a name and password, and the authentication module can
check a directory entry to confirm that they are correct.

Authentication is one of the essential functions of Certificate Management System.
The main purpose of a certificate is to provide a trustworthy association between
the public key of the subject and the subject’s name and other attributes. Therefore,
the manner in which administrators, agents, and end entities are authenticated,
especially for operations related to certificate enrollment, requires careful planning
and control throughout the lifetime of a PKI deployment.

For examples of some different approaches to authentication during certificate
enrollment, see Chapter 2, “Certificate Enrollment and Life-Cycle Management.”
For a detailed overview of authentication management using Certificate
Management System, see Chapter 15, “Setting Up End-User Authentication.”

Policy Decisions
CMS managers use policies to evaluate or verify incoming certificate enrollment or
management requests from end entities and to determine the outcome. For
example, in the case of a certificate enrollment request, the outcome is the issued
certificate.

Decisions regarding policies depend on both the subsystem involved and your
overall topology. Whether your CA signing certificate is self-signed or not, it
represents part of a certificate hierarchy. For example, a CA may be a root CA for
subordinate CAs that issue certificates to different parts of a large organization, or
it may be one of the subordinate CAs that chain up to an internal root CA, or it may
be a linked CA that chains up to a third party.

Policies configured for a Certificate Manager apply to all certificates issued by that
Certificate Manager or its subordinates. Policies configured for a Registration
Manager subsystem are local to the Registration Manager. This distinction can be
used to model the levels of authority within an organization. Enrollment can be
fully automated by means of custom policy and authentication subsystems at the
Registration Manager level.
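
The policy scoping described above, modelled as an added example (this is not code from the guide or from Certificate Management System). The class names, the policy functions, and the sample requests are constructed for illustration, and the model assumes a Registration Manager forwards the requests it accepts to a Certificate Manager.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass
class Request:
    subject: str        # requested subject DN
    key_bits: int       # size of the submitted public key
    validity_days: int  # requested validity period

# A policy returns None to accept, or a rejection reason (hypothetical interface).
Policy = Callable[[Request], Optional[str]]

def min_key_bits(n: int) -> Policy:
    return lambda r: None if r.key_bits >= n else f"key shorter than {n} bits"

def max_validity(days: int) -> Policy:
    return lambda r: None if r.validity_days <= days else f"validity over {days} days"

def subject_under(suffix: str) -> Policy:
    return lambda r: (None if r.subject.lower().endswith(suffix.lower())
                      else f"subject outside {suffix}")

def evaluate(policies: List[Policy], req: Request) -> List[str]:
    return [reason for p in policies if (reason := p(req)) is not None]

@dataclass
class CertificateManager:
    policies: List[Policy]  # applied to every request this CA processes
    def enroll(self, req: Request) -> Tuple[str, List[str]]:
        reasons = evaluate(self.policies, req)
        return ("rejected", reasons) if reasons else ("issued", [])

@dataclass
class RegistrationManager:
    policies: List[Policy]  # local: seen only by requests entering through this RM
    ca: CertificateManager
    def enroll(self, req: Request) -> Tuple[str, List[str]]:
        reasons = evaluate(self.policies, req)
        return ("rejected", reasons) if reasons else self.ca.enroll(req)

# Constructed sample deployment and requests.
ca = CertificateManager([min_key_bits(2048), max_validity(365)])
eng_rm = RegistrationManager([subject_under("ou=Engineering,o=Example Corp")], ca)
alice = Request("cn=alice,ou=Engineering,o=Example Corp", 2048, 365)
bob = Request("cn=bob,ou=Sales,o=Example Corp", 2048, 365)
weak = Request("cn=carol,ou=Engineering,o=Example Corp", 1024, 365)

if __name__ == "__main__":
    for label, result in [("alice via RM", eng_rm.enroll(alice)), ("bob via RM", eng_rm.enroll(bob)),
                          ("bob direct to CA", ca.enroll(bob)), ("weak key via RM", eng_rm.enroll(weak))]:
        print(label, result)
```

In this model the same request is rejected at the Registration Manager but issued when it reaches the Certificate Manager by another path, so a constraint that must hold for every certificate belongs in the Certificate Manager's policies.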

Netscape Certificate Management System, Version 6.0, Installation and Setup Guide, March 2002