3.4.4.1 Organizational CAs (original) (raw)
Connected: An Internet Encyclopedia
3.4.4.1 Organizational CAs
Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1422
Up: 3. Architecture
Up: 3.4 Roles and Responsibilities
Up: 3.4.4 Certification Authorities
Prev: 3.4.4 Certification Authorities
Next: 3.4.4.2 Residential CAs
3.4.4.1 Organizational CAs
3.4.4.1 Organizational CAs
Many of the CAs certified by PCAs are expected to represent organizations. A wide range of organizations are encompassed by this model: commercial, governmental, educational, non-profit, professional societies, etc. The common thread is that the entities certified by these CAs have some form of affiliation with the organization. The object classes for organizations, organizational units, organizational persons, organizational roles, etc., as defined in X.521, form the models for entities certified by such CAs. The affiliation implied by organizational certification motivates the DN subordination requirement cited in Section 3.4.2.4.
As an example, an organizational user certificate might contain a subject DN of the form: C = "US" SP = "Massachusetts" L = "Cambridge" O = "Bolt Beranek and Newman" OU = "Communications Division" CN = "Steve Kent". The issuer of this certificate might have a DN of the form: C = "US" SP = "Massachusetts" L = "Cambridge" O= "Bolt Beranek and Newman". Note that the organizational unit attribute is omitted from the issuer DN, implying that there is no CA dedicated to the "Communications Division".
Next: 3.4.4.2 Residential CAs
Connected: An Internet Encyclopedia
3.4.4.1 Organizational CAs