SPKI certificates have 5 parts

• ISSUER: The public key of the issuing party both as a name for the issuer and a means to verify the certificate
• SUBJECT: The public key receiving authority via this certificate
• AUTHORITY: The specific authorization(s) delegated by this certificate (may be delegated to another subject)
• VALIDITY: At least an expiration date, but perhaps also a means of online verification (such as a URL)
• SIGNATURE: Signature of the issuer (and optionally) the subject to accept the authority granted)

“<issuer> says that <subject> has attribute <auth>”

Previous slide

Next slide

Back to first slide

View graphic version