Digital certificates are known in the art. They contain the identity of an entity, in the form of a person, institution or machine, for which the certificate has been issued. The term subscriber is used here and below for an entity with which a certificate can be associated. A subscriber can in this context be a computer or a machine for which the certificate is issued. Likewise, a “subscriber” can be a computer or machine which administers the certificate of a person or institution; because it is responsible for administering the certificate, the certificate is associated with that computer or machine.
A certificate contains a public key for the corresponding entity, and the owner of the certificate can be confirmed by way of a digital signature in the certificate. This digital signature is calculated by a certificate issuing unit. The signature can be verified as valid by means of a root certificate from this issuing unit or by a certificate chain leading to the root certificate. Additional information can be encoded in a digital certificate in the form of what are referred to as attributes, by which entitlements for the user of the certificate or restrictions on the use of the certificate can be specified.
Certificates as a rule have a limited period of validity, which is stated as information in the certificate. After the end of the period of validity, the certificate automatically becomes invalid. Within the framework of certificate administration it must therefore be ensured that a certificate which is intended to be available beyond its period of validity is promptly replaced by a corresponding certificate with a new period of validity. In practice, this is associated with a high level of administrative effort. It is particularly difficult to put into effect for certificates issued to automation devices, which are used over a long period of time and are not subject to stringent computer administration. There is indeed the possibility of issuing certificates with very long or unlimited periods of validity, but this increases the risk of misuse.
The general principle of revoking certificates is also known in the art. The revocation of certificates is, however, an elaborate matter, because certificate revocation lists must be issued and distributed. Moreover, a certificate which has once been revoked is permanently invalid and cannot be reactivated.
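As an added illustration of the points made above about certificate contents, chain verification, validity periods and revocation, the following Go program (written for this page; it is not code from the application or from any cited document, and it uses only the standard library's crypto/x509 package) constructs a self-signed root, issues a subscriber certificate with a fixed validity period, checks the chain at different instants, and then issues and consults a certificate revocation list. The names, serial numbers and dates are placeholders chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// PKI holds a constructed root CA (with its key) and the subscriber certificate it issued.
type PKI struct {
	Root, Subscriber *x509.Certificate
	RootKey          *ecdsa.PrivateKey
}

// issue generates a fresh P-256 key for tmpl, signs with signer (nil means self-signed) and parses the result.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newPKI creates a self-signed root and issues a subscriber certificate valid exactly from notBefore to
// notAfter; the root's own period is wider so that chain checks inside that window cannot fail on the root.
func newPKI(notBefore, notAfter time.Time) (*PKI, error) {
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA (constructed)"},
		NotBefore:             notBefore.Add(-time.Hour),
		NotAfter:              notAfter.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	root, rootKey, err := issue(rootTmpl, rootTmpl, nil)
	if err != nil {
		return nil, err
	}
	// Subject identity, validity period and a usage-restricting extension (an "attribute" in the text's terms).
	sub, _, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "automation-device-01 (constructed)"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}, root, rootKey)
	if err != nil {
		return nil, err
	}
	return &PKI{Root: root, Subscriber: sub, RootKey: rootKey}, nil
}

// verifyAt checks, at instant at, that the chain ends at the trusted root and every certificate is within its validity period.
func verifyAt(p *PKI, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(p.Root)
	_, err := p.Subscriber.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at})
	return err
}

// revoke has the root issue a CRL that lists the subscriber's serial number.
func revoke(p *PKI, at time.Time) ([]byte, error) {
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          at,
		NextUpdate:          at.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: p.Subscriber.SerialNumber, RevocationTime: at}},
	}, p.Root, p.RootKey)
}

// revokedBy reports whether the subscriber's serial is on crlDER; a CRL not signed by the root is rejected.
func revokedBy(p *PKI, crlDER []byte) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(p.Root); err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(p.Subscriber.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```

verifyAt fails both before notBefore and after notAfter, which is the automatic invalidity described above, and revokedBy only trusts a list whose signature checks against the root, since an unsigned revocation list proves nothing about the issuer's intent.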
For the authentication of a subscriber in relation to another subscriber or to a service (e.g. a Web service), the use of what are referred to as SAML assertions (SAML = Security Assertion Markup Language) is known. These assertions represent statements which are assured by an issuer of the assertions. The authentication of the subscriber in respect of another subscriber or a service can therefore be linked to the issue of corresponding SAML assertions: the subscriber is authenticated only if predetermined assertions are assured for that subscriber.
Also known in the art is what is referred to as the “claims-based authorization model”, which was developed by the company Microsoft®. In this model, a user is not represented by a fixed identity but by a set of what are referred to as claims, which confirm properties of the user. A possible claim is, for example, an authentication by means of a certificate, a password, or the like. Depending on the claims present, access is either granted or refused.
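To make the two preceding models concrete, the following Go example (added for this page; it is not code from the application, from Microsoft or from the SAML specifications) parses a constructed SAML 2.0 assertion, checks its issuer, validity window and audience, turns its attribute statements into claims, and then applies a claims-based access rule. The assertion text, the issuer and audience URLs and the attribute names are invented for the example, and the example assumes that the assertion's XML signature has already been verified by other code; it does not implement XML-DSig.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// Assertion is a minimal model of a SAML 2.0 assertion: only the elements this example consumes.
type Assertion struct {
	XMLName    xml.Name    `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
	Issuer     string      `xml:"Issuer"`
	NameID     string      `xml:"Subject>NameID"`
	Conditions Conditions  `xml:"Conditions"`
	Attributes []Attribute `xml:"AttributeStatement>Attribute"`
}

// Conditions carries the validity window and the audiences the assertion is meant for.
type Conditions struct {
	NotBefore    string   `xml:"NotBefore,attr"`
	NotOnOrAfter string   `xml:"NotOnOrAfter,attr"`
	Audiences    []string `xml:"AudienceRestriction>Audience"`
}

// Attribute is one statement the issuer makes about the subject.
type Attribute struct {
	Name   string   `xml:"Name,attr"`
	Values []string `xml:"AttributeValue"`
}

// Claim is one property of the subject together with who vouched for it.
type Claim struct{ Type, Value, Issuer string }

// Rule is met when the claim set holds a claim of Type whose value is one of Accept.
type Rule struct {
	Type   string
	Accept []string
}

// sampleAssertion is a constructed, unsigned assertion used only for this demonstration.
const sampleAssertion = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0" IssueInstant="2024-01-01T10:00:00Z">
  <saml:Issuer>https://idp.example.invalid</saml:Issuer>
  <saml:Subject><saml:NameID>automation-device-01</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://service.example.invalid</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="authn-method"><saml:AttributeValue>certificate</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>operator</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>`

// claimsFrom accepts an assertion only if its issuer is trusted, now lies inside the NotBefore/NotOnOrAfter
// window and audience is among the intended audiences; it then turns the attribute statements into claims.
// The XML signature is assumed to have been verified before this is called (not implemented here).
func claimsFrom(raw, audience string, now time.Time, trustedIssuers map[string]bool) ([]Claim, error) {
	var a Assertion
	if err := xml.Unmarshal([]byte(raw), &a); err != nil {
		return nil, err
	}
	if !trustedIssuers[a.Issuer] {
		return nil, fmt.Errorf("assertion from untrusted issuer %q", a.Issuer)
	}
	nb, err1 := time.Parse(time.RFC3339, a.Conditions.NotBefore)
	na, err2 := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter)
	if err1 != nil || err2 != nil {
		return nil, errors.New("assertion has no parseable validity window")
	}
	if now.Before(nb) || !now.Before(na) {
		return nil, errors.New("assertion is outside its validity window")
	}
	intended := false
	for _, aud := range a.Conditions.Audiences {
		intended = intended || aud == audience
	}
	if !intended {
		return nil, errors.New("assertion was not issued for this audience")
	}
	var claims []Claim
	for _, attr := range a.Attributes {
		for _, v := range attr.Values {
			claims = append(claims, Claim{Type: attr.Name, Value: v, Issuer: a.Issuer})
		}
	}
	return claims, nil
}

// authorize is the claims-based decision: access is granted only if every rule is met by some claim.
func authorize(claims []Claim, rules []Rule) bool {
	for _, r := range rules {
		met := false
		for _, c := range claims {
			if c.Type != r.Type {
				continue
			}
			for _, v := range r.Accept {
				met = met || c.Value == v
			}
		}
		if !met {
			return false
		}
	}
	return true
}
```

The audience and validity-window checks are what stop an assertion issued for one service from being replayed at another or used after it has lapsed; the rule set is where a relying party states which assured properties (here the authentication method and a role) it requires before granting access.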
The publication S. Farrell, Trinity College Dublin, R. Housley, Vigil Security, S. Turner, IECA: “An Internet Attribute Certificate Profile for Authorization, rfc5755.txt”, Internet Engineering Task Force, IETF; Standard, Internet Society (ISOC) 4, Rue des Falaises, CH-1205 Geneva, Switzerland, Jan. 25, 2010, pages 1 to 50, describes the use of attribute certificates, which contain a set of attributes that can be used to authorize a subscriber.
In the anonymous document: “SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0”, Aug. 10, 2010, pages 1 to 24, the authentication of a subscriber is described using SAML assertions.
The publication Cantor, Scott et al.: “An X.509 Binding for SAML”, Jan. 17, 2007, pages 1 and 2, discloses the embedding of SAML assertions in X.509 certificates.