attribute certificate

Senses

1 (I)

A digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public key certificate. (See: capability token.)

IETF RFC 4949 (Internet Security Glossary)

Bibliography

IETF RFC 4949 (Internet Security Glossary)
Accessed Jan 06, 2026Quoted
RFC 4949 — Internet Security Glossary (Version 2)
https://www.rfc-editor.org/rfc/rfc4949.txt
RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
Source: IETF RFC 4949 (rfc-editor.org).

2 (O)

"A data structure, digitally signed by an [a]ttribute [a]uthority, that binds some attribute values with identification information about its holder." [X509] Tutorial: A public key certificate binds a subject name to a public key value, along with information needed to perform certain cryptographic functions using that key. Other attributes of a subject, such as a security clearance, may be certified in a separate kind of digital certificate, called an attribute certificate. A subject may have multiple attribute certificates associated with its name or with each of its public key certificates. An attribute certificate might be issued to a subject in the following situations: Different lifetimes: When the lifetime of an attribute binding is shorter than that of the related public key certificate, or when it is desirable not to need to revoke a subject's public key just to revoke an attribute. Different authorities: When the authority responsible for the attributes is different than the one that issues the public key certificate for the subject. (There is no requirement that an attribute certificate be issued by the same CA that issued the associated public key certificate.)

"A data structure, digitally signed by an [a]ttribute [a]uthority, that binds some attribute values with identification information about its holder." [X509]

Tutorial: A public-key certificate binds a subject name to a public key value, along with information needed to perform certain cryptographic functions using that key. Other attributes of a subject, such as a security clearance, may be certified in a separate kind of digital certificate, called an attribute certificate. A subject may have multiple attribute certificates associated with its name or with each of its public-key certificates.

An attribute certificate might be issued to a subject in the following situations:

Different lifetimes: When the lifetime of an attribute binding is shorter than that of the related public-key certificate, or when it is desirable not to need to revoke a subject's public key just to revoke an attribute.
Different authorities: When the authority responsible for the attributes is different than the one that issues the public-key certificate for the subject. (There is no requirement that an attribute certificate be issued by the same CA that issued the associated public-key certificate.)