Role-Based Authentication
How can one user do another’s job?
- Sharing passwords (or certificates or tokens) is a bad idea.
Could use short-lived certificates.
Authorize multiple certificates for shared jobs -- same privileges, but different identity.
- Implies that each user has many certificates.
- Another reason to avoid a central, identity-based PKI.
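
An added example, not part of the original slides: a job's access list authorizes several certificate fingerprints, so a stand-in gets the same privileges under their own identity and a short expiry. The certificate bytes, names, role, privileges and times are constructed placeholders, and the sketch assumes the transport layer has already verified possession of each certificate's private key.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Grant:
    holder: str          # audit label only; privileges come from the role
    not_after: datetime  # grant expiry, kept short for a stand-in

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes, used as the ACL key."""
    return hashlib.sha256(cert_der).hexdigest()

# Constructed placeholder bytes standing in for DER-encoded certificates.
ALICE_CERT = b"constructed-cert-alice"
BOB_STANDIN_CERT = b"constructed-cert-bob-standin"
UNLISTED_CERT = b"constructed-cert-unlisted"

T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed start time
DURING_COVER = T0 + timedelta(hours=1)
AFTER_COVER = T0 + timedelta(hours=9)

# Hypothetical role and privileges; the role, not the person, carries them.
ROLE_PRIVILEGES = {"backup-operator": frozenset({"read-volumes", "write-archive"})}

# Several certificates authorized for one job: same privileges, different identity.
ROLE_GRANTS = {
    "backup-operator": {
        fingerprint(ALICE_CERT): Grant("alice", T0 + timedelta(days=365)),
        fingerprint(BOB_STANDIN_CERT): Grant("bob", T0 + timedelta(hours=8)),
    }
}

def authorize(cert_der: bytes, role: str, now: datetime):
    """Return (holder, privileges) if the certificate is granted the role at `now`, else None."""
    grant = ROLE_GRANTS.get(role, {}).get(fingerprint(cert_der))
    if grant is None or now > grant.not_after:
        return None  # unlisted certificate, unknown role, or expired grant
    return grant.holder, ROLE_PRIVILEGES[role]

def audit_line(cert_der: bytes, role: str, now: datetime) -> str:
    """Log the decision under the certificate's own identity, never a shared one."""
    result = authorize(cert_der, role, now)
    verdict = f"ALLOW holder={result[0]}" if result else "DENY"
    return f"{now.isoformat()} {verdict} role={role} cert={fingerprint(cert_der)[:12]}"

if __name__ == "__main__":
    for cert in (ALICE_CERT, BOB_STANDIN_CERT, UNLISTED_CERT):
        print(audit_line(cert, "backup-operator", DURING_COVER))
    print(audit_line(BOB_STANDIN_CERT, "backup-operator", AFTER_COVER))
```

Removing the stand-in's access means deleting one fingerprint or letting its grant lapse; the regular holder's certificate is untouched and no secret has to be rotated.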