-----Original Message----- From: David Chadwick [mailto:d.w.chadwick@kent.ac.uk] Sent: Thursday, October 13, 2005 2:39 AM ...
Robert
Perhaps the real question is, do you change your authorisation rights more or less frequently than your identifier? If more frequently, then it does not really matter if your identifier changes every year or two since you can change your authorisation rights to match the new identifier when it comes active. But if your authorisation rights are much longer lived than your identifier, then it becomes a pain to have to change these as well. However, in this case I would suggest that your authorisation rights are wrapped into the PKC, say in the subjectDirectoryAttributes extension, then they would carry over to the new identifier.
regards
David
Interesting point .. and that is precisely a problem we have with Attribute Certificates and Proxy Certificate renewal. I have been wondering if we can extend the allowed lifetime of proxy certificates so long as we can revoke their authorization to do anything.
BC