PKI Roles and Privileges

Roles and Privileges

  • Privileged User Roles
    • Administrators, who can perform any administrative or configuration task for a subsystem.
    • Agents, who perform PKI management tasks, like approving certificate requests, managing token enrollments, or recovering keys.
    • Auditors, who can view and configure audit logs.
  • Bootstrap user - a special user automatically created at installation time; this bootstrap user possesses the privileges of all role users
  • Trusted Managers - special group used for inter-CS communication
    • CA -> KRA
    • TPS -> CA, TPS -> TKS
    • An RA (Registration Authority) is an extension of the CA given to an external entity that handles its own authentication and can act on behalf of the users it governs to submit requests to the CA.

Non-role users/entities

  • EE: end-entity users, who have no privileges in the realm of the RHCS system.