Introduction to Policy
Chapter 18: Setting Up Policies
Policy Rules
A policy rule refers to a uniquely configured instance of any policy plug-in
implementation. For example, you can use the plug-in module provided for setting
validity periods on certificates to configure a policy rule that forces validity periods
for all client certificates issued by a Certificate Manager to fall within a
predetermined range, say between 6 and 24 months. A subsystem’s policy
configuration can consist of one or more policy rules, each performing one or more
of the following operations:
• Validate the request content by comparing it with configured criteria; reject,
  modify, or defer (for agent approval) the request if any of the request
  parameters are invalid.
• Build certificate content—for example, set common extensions and the validity
  period.
• Enforce organizational constraints, such as subject name, key algorithm, key
  size, and validity period.
• Determine whether the private key should be archived.
Keep in mind that the server applies the rules when processing end-entity requests
and after agent approval (for deferred requests).
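The following added example (not taken from the guide or the CMS SDK) models how configured rule instances validate, modify, defer, or reject a request, using the 6-to-24-month validity range mentioned above. All type names, the 2048-bit key minimum, and the way rule outcomes are combined are assumptions made for illustration.

```java
import java.time.LocalDate;
import java.util.List;

// Hypothetical model for illustration; these types are NOT the CMS SDK interfaces.
public class PolicyRuleDemo {
    enum Result { ACCEPTED, DEFERRED, REJECTED }

    static class Request {                      // constructed, simplified request
        final int keyBits; final LocalDate notBefore; LocalDate notAfter;
        Request(int bits, LocalDate nb, LocalDate na) { keyBits = bits; notBefore = nb; notAfter = na; }
    }

    interface PolicyRule { Result apply(Request r); }

    // One plug-in implementation; each configured instance of it is a distinct policy rule.
    static class ValidityRule implements PolicyRule {
        final int minMonths, maxMonths; final boolean clamp;
        ValidityRule(int min, int max, boolean clamp) { minMonths = min; maxMonths = max; this.clamp = clamp; }
        public Result apply(Request r) {
            // Compare dates, not a truncated month count, so 24 months + 1 day is out of range.
            if (r.notAfter.isBefore(r.notBefore.plusMonths(minMonths))) return Result.REJECTED;
            LocalDate latest = r.notBefore.plusMonths(maxMonths);
            if (r.notAfter.isAfter(latest)) {
                if (!clamp) return Result.DEFERRED;   // hold for agent approval
                r.notAfter = latest;                  // or modify the request to fit policy
            }
            return Result.ACCEPTED;
        }
    }

    // Assumption: rules run in order, a rejection stops processing, and a deferral outranks acceptance.
    static Result evaluate(List<PolicyRule> rules, Request r) {
        Result outcome = Result.ACCEPTED;
        for (PolicyRule rule : rules) {
            Result res = rule.apply(r);
            if (res == Result.REJECTED) return res;
            if (res == Result.DEFERRED) outcome = res;
        }
        return outcome;
    }

    public static void main(String[] args) {
        LocalDate start = LocalDate.of(2002, 3, 1);       // constructed sample dates
        PolicyRule keySize = r -> r.keyBits >= 2048 ? Result.ACCEPTED : Result.REJECTED;
        List<PolicyRule> rules = List.of(new ValidityRule(6, 24, false), keySize);
        System.out.println(evaluate(rules, new Request(2048, start, start.plusMonths(12))));
        System.out.println(evaluate(rules, new Request(2048, start, start.plusMonths(36))));
        System.out.println(evaluate(rules, new Request(1024, start, start.plusMonths(36))));
    }
}
```

Constructing the validity rule with `clamp` set to `true` makes the same plug-in shorten an over-long validity period to the configured maximum instead of deferring the request.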
Types of Policy Rules
Certificate Management System supports distinct policy rules for each of the
operations that end entities perform—certificate enrollment, renewal, and
revocation, and key archival and recovery. Consequently, there are five broad
categories of policies, corresponding to these types of operations:
• Enrollment policies
• Renewal policies
• Revocation policies
• Key-archival policies
• Key-recovery policies
To facilitate this classification, Certificate Management System supports a parent
interface for a generic policy rule and other operation-specific interfaces that
extend the parent interface. Check the CMS SDK, available in the form of Javadocs
at this location:
<server_root>/cms_sdk/cms_jdk/javadocs