3 Certificate uses

3.1.1 There are two major uses of certificates: identity and access.

3.1.2 Identity certificates, have several sub-uses, which provide proof of identity for:

• Individual (person)

• Device (machine)

• Role (person(s) in a role)

• Membership (person has eligibility)

• Proxy (machine acting for a person)

3.1.3 The concept of Organisation can be covered by Role e.g. a role of "Common Seal of the Company" represents an organisation.

3.1.4 The concept of Delegation can be covered by Role. For instance, a PA has the delegated authority to act on behalf of the CEO in certain areas. The PA would have the role of "PA to the CEO". The PA may sign on behalf of the CEO - typically there are other checks and balances to manage issues such as misrepresentation.

3.1.5 A membership certificate is used to demonstrate registration, membership, certification or similar capability.

3.1.6 Access certificates act similar to a physical key. They also have several sub-types

• Access to a resource

• Anonymous access

3.1.7 Possession of an "access to a resource" certificate, acts like a physical key, the user can access a resource, such as an encrypted laptop.

3.1.8 An "anonymous access" certificate is similar to "access to a resource", but has little or no identifying information - the equivalent of an unlabelled key - it provides access, but anyone finding it, must know where to present it, to be given access.