Role-Based Authentication

• How can one user do another’s job?

  • Sharing passwords (or certificates or tokens) is a bad idea.

• Could use short-lived certificates.

• Authorize multiple certificates for shared jobs -- same privileges, but different identity.

  • Implies that each user has many certificates.
    • Another reason to avoid a central, identity-based PKI.

Previous slide

Next slide

Back to first slide

View graphic version