1. Field of the Invention
The present invention relates to digital certificates. More specifically, the present invention relates to a method and apparatus for associating a digital certificate with an enterprise profile.
2. Related Art
In conventional security systems for computer systems, a user's capabilities are typically tied to the identity of the user. This identity is often established by examining a digital certificate that the user presents to the system. The system then uses some type of mechanism to reconcile the capabilities that the user should be granted with the identity of the user. In an enterprise, the process of identifying the capabilities for a user is typically repeated for every system that the user accesses within the enterprise. This is taxing on the enterprise's system resources because a similar capability-granting process must take place repeatedly as the user accesses different computer systems within the enterprise.
Moreover, a system developer must deploy and configure a capability-granting system for each system within the enterprise. Furthermore, if the enterprise needs to change how capabilities are granted, a system developer must implement the change in each system. Additionally, because capability granting is an important aspect of computer security, each system must be carefully designed and monitored to ensure that a breach of security does not occur.
Multiple certificate authorities are typically used to generate digital certificates. This means that each system within the enterprise that grants capabilities based on a user's digital certificate must be designed to recognize a digital certificate from any of several certificate authorities, thereby increasing the workload for the system developer.
Hence, what is needed is a method and apparatus for mapping a user's capabilities to a digital certificate without the above-described problems.