Certificate policy _____________________________________________________________________________
A specialized form of administrative policy tuned to electronic transactions performed during Digital Signature Certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.
The CP is the administrative policy for certificate management. A CP addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a CP can also govern the transactions conducted using a communications system protected by a certificate-based system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provisions of the security services required by a particular application.
A named set of rules that indicate the applicability of certificates for a specific class of applications with common security requirements. Such a policy might, for example, limit certain certificates to electronic data interchange transactions within given price limits.
A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. For example, a particular certificate policy might indicate applicability of a type of certificate to the authentication of electronic data interchange transactions for the trading of goods within a given price range.
Certificate policies are, in the X.509 version 3 digital certificate standard, the applications which a certifying CA declares a specific public/private key fit for.