A certificate authority may create for a server a certificate that binds an identity of the server to a public key of the server using a digital signature of the certificate authority. The server may authenticate itself to a client by presenting to the client the certificate issued by the certificate authority. The client, which is in possession of a root certificate of the certificate authority, may use the root certificate to validate the certificate received from the server.
A process or application running on a device may have one or more specified capabilities. The capabilities of a process may include permission to access specific objects or to perform operations on specific objects or both. Examples of objects include files, directories, hardware devices, and the like. Examples of operations include reading, writing, executing, and the like. The capabilities of a process may be specified in a number of different ways, including, for example, through a manifest file describing the specific capabilities, through owner permissions, through group permissions, and the like.
Appendix A is an example X.509 root certificate; and
Appendix B is an example X.509 process certificate that is digitally signed by the example X.509 root certificate of Appendix A.