SPKI certificates have 5 parts
- ISSUER: The public key of the issuing party both as a name for the issuer and a means to verify the certificate
- SUBJECT: The public key receiving authority via this certificate
- AUTHORITY: The specific authorization(s) delegated by this certificate (may be delegated to another subject)
- VALIDITY: At least an expiration date, but perhaps also a means of online verification (such as a URL)
- SIGNATURE: Signature of the issuer (and optionally) the subject to accept the authority granted)
“<issuer> says that <subject> has attribute <auth>”