Today's enterprise applications and services have an increasing need to secure their communication. This is true whether the clients of these applications and services are present on the Internet or on the corporate intranet.
Digital certificates and a public key infrastructure (PKI) provide an appropriate foundation for securing communication between these applications and services and their clients. One way to perform proper authentication and authorization (that is, to establish who a client is and then to provide the services that particular client is entitled to) is to use a directory such as Microsoft's Active Directory (AD). The client's security identity in the directory can then be used for both authentication and authorization.
However, using a directory in this way requires that the clients be joined to a domain. In the absence of such a directory, or where clients are not domain-joined, a secure database is needed to store the clients' identities and their corresponding security identities. This secure database must first be populated through a registration process; only after proper registration can it be used to authenticate and/or authorize both domain-joined and non-domain-joined clients, such as computers, devices, cell phones, and so on. One suitable way to populate the secure database is to perform the registration at the time of certificate issuance. While this works for newly issued certificates, it does not work for certificates that have already been deployed, since those were issued before any registration step existed.
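The following is an added illustration, not code from the original text, of the secure-database arrangement described above: a registry keyed by certificate thumbprint that is populated at certificate issuance and later consulted for authentication and authorization. The certificate bytes, the `SecureIdentityRegistry` class and the group names are constructed for this example; in a real deployment the keys would be computed over DER-encoded X.509 certificates and the security identities would come from the organization's identity store. The final lookup shows the gap the text points out: a certificate deployed before the registration step existed is unknown to the database and cannot be authenticated through it.

```python
import hashlib
from typing import Dict, List, Optional

# Constructed placeholders standing in for DER-encoded X.509 certificates.
# Only their bytes matter here; the registry never parses them.
NEW_CLIENT_CERT = b"CONSTRUCTED-DER: CN=laptop-42 (issued with registration)"
PRE_DEPLOYED_CERT = b"CONSTRUCTED-DER: CN=phone-07 (issued before registration existed)"


def thumbprint(cert_der: bytes) -> str:
    """SHA-256 thumbprint of the certificate bytes, used as the database key.

    Keying on the thumbprint rather than the subject name ties the security
    identity to one specific certificate instead of to a name string that a
    different issuer could also put in a certificate.
    """
    return hashlib.sha256(cert_der).hexdigest()


class SecureIdentityRegistry:
    """Secure database mapping a presented certificate to a security identity.

    security_identity is a dict with a stable identifier and the groups used
    for authorization decisions (constructed shape, assumed for the example).
    """

    def __init__(self) -> None:
        self._by_thumbprint: Dict[str, Dict[str, object]] = {}

    def register_at_issuance(self, cert_der: bytes, identifier: str,
                             groups: List[str]) -> str:
        """Registration step: called by the issuing process when a new
        certificate is handed to a client. Refuses to silently overwrite an
        existing entry, since that would let a re-issuance rebind an identity."""
        key = thumbprint(cert_der)
        if key in self._by_thumbprint:
            raise ValueError("certificate already registered")
        self._by_thumbprint[key] = {"id": identifier, "groups": list(groups)}
        return key

    def authenticate(self, cert_der: bytes) -> Optional[str]:
        """Authentication: map the presented certificate to its identifier,
        or None when the certificate was never registered."""
        entry = self._by_thumbprint.get(thumbprint(cert_der))
        return None if entry is None else str(entry["id"])

    def is_authorized(self, cert_der: bytes, required_group: str) -> bool:
        """Authorization: an unregistered certificate is never authorized,
        regardless of whether it chains to a trusted issuer."""
        entry = self._by_thumbprint.get(thumbprint(cert_der))
        if entry is None:
            return False
        return required_group in entry["groups"]  # type: ignore[operator]


def demo() -> Dict[str, object]:
    """Populate the registry at issuance for one client, then look up both
    the registered client and a pre-deployed certificate."""
    registry = SecureIdentityRegistry()
    registry.register_at_issuance(NEW_CLIENT_CERT, "device:laptop-42",
                                  ["file-share-readers"])
    return {
        "new_id": registry.authenticate(NEW_CLIENT_CERT),
        "new_can_read": registry.is_authorized(NEW_CLIENT_CERT, "file-share-readers"),
        "new_can_admin": registry.is_authorized(NEW_CLIENT_CERT, "admins"),
        # The pre-deployed certificate was never registered, so the database
        # has no security identity for it: this is the gap the text describes.
        "old_id": registry.authenticate(PRE_DEPLOYED_CERT),
        "old_can_read": registry.is_authorized(PRE_DEPLOYED_CERT, "file-share-readers"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The registry deliberately separates the two decisions: `authenticate` answers "which registered identity presented this certificate", while `is_authorized` answers "is that identity entitled to this service", and both return a negative result for any certificate that was never registered.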