Editing Authorization certificate (section)

In [[computer security]], an '''attribute certificate''',  or '''authorization certificate''' ('''AC''') is a [[digital document]] containing attributes associated to the holder by the issuer.{{Ref RFC|4949|notes=no}} When the associated attributes are mainly used for the purpose of [[authorization]], AC is called '''authorization certificate'''. AC is standardized in [[X.509]]. RFC 5755 further specifies the usage for authorization purpose in the Internet.

The authorization certificate works in conjunction with a [[public key certificate]] (PKC). While the PKC is issued by a [[certificate authority]] (CA) and is used as a proof of identity of its holder like a [[passport]], the authorization certificate is issued by an attribute authority (AA) and is used to characterize or entitle its holder like a [[Visa (document)|visa]]. Because identity information seldom changes and has a long validity time while attribute information frequently changes or has a short validity time, separate certificates with different security rigours, validity times and issuers are necessary.<ref>{{cite journal|author1=Farrell, S. |author2=Housley, R |title=An Internet Attribute Certificate Profile or Authorization|version=RFC 3281}}</ref>