Peter Trei wrote:
Actually, I've been thinking about this quite a bit recently. I'm building an SSL enabled server, and clent-side authentication may provide some help. I could see a user getting his or her public key certificate signed with different CA keys which assert any number of conditions, such as:
Key holder was born before (some particular date). Key holder has access to sales data for XYZ corp. Key holder is an adult who takes the first amendment seriously.
... and the server would recognize different CA signatures as permitting different levels of access.
This can be done with x509v3 certificate extensions. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.