Role of Claims based Authentication in Federated Security -- 3
With the basics of Cryptography discussed in the previous blog, we will now look at Certificates and how the certificate chain is built. This is an important concept because Claims based Authentication works along similar lines.
A certificate is an electronic document used to identify an individual, a server, a company, or some other entity and to associate that identity with a public key. It typically contains the following information:
• Certificate version
• Certificate serial number
• Digital signature algorithm used by the entity
• Information about the CA (the issuer)
• Information about the entity using the certificate (the subject)
• Public key of the entity using the certificate
• Certificate expiration date
• Digital signature algorithm used by the CA
• A digital signature of the certificate contents, produced by the CA
I would like to emphasize the last point: the digital signature of the contents by the CA. It lets anyone who wants to validate the contents and learn who the issuer is do so easily, because only the holder of the private key could have produced the signature, which verifies the CA. In this way a chain of trust can be built. For example, suppose Prashanth Govindaiah has a certificate issued by his department CA, ABC; ABC's certificate is issued by the Infosys CA; and the Infosys CA certificate is issued by, say, Verisign. A verifier of my certificate first learns from its digital signature that it was issued by ABC. Since it does not trust ABC, it checks ABC's certificate signature and learns that Infosys issued ABC. Since it does not trust Infosys, it checks that signature and learns that Verisign issued it; since it trusts Verisign, it in turn trusts the other certificates in the chain. The same can be represented diagrammatically as

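The chain walk described above, as an added Go example that is not code from the original post: it builds the root -> Infosys CA -> ABC -> Prashanth chain with the standard library and then has `crypto/x509` check each signature against its issuer's public key until it reaches the trusted root. The "Example Root CA" standing in for Verisign, the serial numbers and the validity window are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed with parentKey; with parent == nil it is self-signed (a root).
func issue(serial int64, cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{ // fields from the post's list: serial, subject, validity, CA flag (issuer and public key are filled in by CreateCertificate)
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, // only a CA may sign other certificates
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: issuer == subject, signed with its own key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey) // Issuer is copied from parent.Subject
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // re-parsing DER we just produced cannot fail
	return cert, key
}
// buildChain mirrors the post: root (constructed stand-in for Verisign) -> Infosys CA -> ABC (department CA) -> Prashanth.
func buildChain() (*x509.Certificate, []*x509.Certificate, *x509.Certificate) {
	root, rootKey := issue(1, "Example Root CA", true, nil, nil)
	infosys, infosysKey := issue(2, "Infosys CA", true, root, rootKey)
	abc, abcKey := issue(3, "ABC Department CA", true, infosys, infosysKey)
	leaf, _ := issue(4, "Prashanth Govindaiah", false, abc, abcKey)
	return root, []*x509.Certificate{abc, infosys}, leaf
}
// verifyChain checks each signature with its issuer's public key, walking up from the leaf until it
// reaches trusted; it fails if the walk ends at a root the verifier does not trust or an issuer is missing.
func verifyChain(leaf *x509.Certificate, intermediates []*x509.Certificate, trusted *x509.Certificate) ([][]*x509.Certificate, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trusted)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	return leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
}
```

Each returned chain runs leaf -> ABC -> Infosys -> root, which is exactly the walk the post describes; swapping in a root the verifier does not know makes `Verify` return an unknown-authority error even though every signature in the chain is valid.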