Fw: X.509 Attribute Certificate

Zahid Ahmed (zahmed@veosystems.com)
Fri, 12 Mar 1999 06:50:12 -0800

From: "Zahid Ahmed" <zahmed@veosystems.com>
To: <java-security@java.sun.com>
Subject: Fw: X.509 Attribute Certificate
Date: Fri, 12 Mar 1999 06:50:12 -0800

This is a multi-part message in MIME format.

------=_NextPart_000_1150_01BE6C54.93C81A90
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_1151_01BE6C54.93C81A90"

------=_NextPart_001_1151_01BE6C54.93C81A90
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Is there currently any support to generate X.509 Attribute Certificates =
using
currently available JCE Package?=20
=20
1. If not, how can we extend and/or generate such a certificate using=20
JCE? The thing is that an attribute certificate does not have a public=20
key associated with it. Hence, it can not, e.g., extend =
java.security.cert.Certificate.=20
(Or, if does, we are really associating a public key with a
group or organization which is not compatible, I believe,
with PKIX X.509 end-entity identity X.509 certs).
How can one create a X.509 Attribute Certificate? Also, are there=20
plans to do this in JCE?
=20
2. Also, I want to be able to include an attribute certificate in a=20
X.509Certiifcate which is an exetnsion of =
java.security.cert.certificate.=20
How can we add such an extension to X.509Certificate class?

Since this problem borders some evolving standards, please provide some
recommendation of how this can be done for allowing groups and roles
to be associated with an end-entity certificates.
=20
thanks & regards.=20

Zahid Ahmed Commerce One, Inc.
Commerce Security Architect
email: zahmed@veosystems.com
v: (650)-623-2814
fax: (650)-938-8055=20

------=_NextPart_001_1151_01BE6C54.93C81A90
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">


Is there currently any support to generate X.509 = Attribute=20 Certificates using
currently available JCE Package? 
 
1. If not, how can we extend and/or generate such a=20 certificate using
JCE? The thing is that an attribute certificate does = not have=20 a public 
key associated with it. Hence, it can not, e.g., = extend=20 java.security.cert.Certificate. 
(Or, if does, we are really associating a public key with a
group or organization which is not compatible, I believe,
with PKIX X.509 end-entity identity X.509 certs).
How can one = create a X.509=20 Attribute Certificate? Also, are there
plans to do this in = JCE?
 
2. Also, I want to be able to include an attribute = certificate=20 in a
X.509Certiifcate which is an exetnsion of=20 java.security.cert.certificate. 
How can we add such an extension to X.509Certificate = class?
 
Since this problem borders some evolving standards, = please=20 provide some
recommendation of how this can be done for allowing = groups and=20 roles
to be associated with an end-entity = certificates.
 
thanks & regards. 
 
Zahid=20 Ahmed           &n= bsp;        =20 Commerce One, Inc.
Commerce Security Architect
email: zahmed@veosystems.com
v:=20 (650)-623-2814
fax: (650)-938-8055
 
------=_NextPart_001_1151_01BE6C54.93C81A90-- ------=_NextPart_000_1150_01BE6C54.93C81A90 Content-Type: text/x-vcard; name="Zahid N. Ahmed.vcf" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Zahid N. Ahmed.vcf" BEGIN:VCARD N:Ahmed;Zahid;N. FN:Zahid N. Ahmed EMAIL;PREF;INTERNET:zahid.ahmed@commerceone.com END:VCARD ------=_NextPart_000_1150_01BE6C54.93C81A90--