Automated Issuance of Digital Certificates through the Use of Federations

Abstract

In recent years, there has been a trend for developing single sign-on systems. One alternative to deploy such systems is the use of Federated Identity Management systems. We argue that it is possible to use identity federations to automate the digital certificate issuance and use these certificates to authenticate back into federations. We use the data provided by the user's identity provider to build his certificate, reducing the costs of maintaining several registration authorities and simplifying the certificate issuance process. Making the process simpler to the users, we also encourage them to request and use their certificates. In special, the use of digital certificates for authentication can improve the usability and security of the authentication process. Furthermore, we present a prototype proving the feasibility of our proposal, as well as a discussion of the security and potential applications.