Embodiments of the present invention generally relate to digital security and more specifically to certificate validation using AAA services.
Certificate validation may be a complex process used to validate a requester, which may be requesting access to a service. The certificate validation may include validating chains, verifying extensions, extracting names, and checking revocation status. The service may send the certificate to a certificate validation authority for the validation. Even if the certificate is validated by the certificate validation authority, other validations are often required. For example, authorizations for the requester often need to be determined based on attributes from the certificate. Further, some type of authentication may need to be performed, such as validation of proof of possession of a private key. These validations may involve sending additional requests. Accordingly, a service may send multiple requests to different parties to validate a requester. This requires many round trips, because requests are sent to, and responses are received from, different parties. This process may be complicated and does not provide an integrated validation of a requester.