authorization
Click on the red underlined text to get to the source
... delegation of IP address blocks, i.e., of
the authorization of an entity to use or sub-allocate IP address
...
... described in this section. An example of one use of the information
in this extension is an entity using it to verify the authorization
of an organization to originate a BGP UPDATE advertising a path to a
...
... the proper delegation of AS identifiers, i.e., of the authorization
of an entity to use these AS identifiers ...
... example of one use of the information in this extension is an entity
using it to verify the authorization of an organization to manage the
AS identified by an AS identifier ...
... certificate containing an ASIdentifierChoice containing an
asIdsOrRanges element is located. If no authorization is being
granted for a particular form of AS identifier, then there MUST NOT
...
... administrators, and users.
These extensions represent authorization information, i.e., a right-
to-use for IP addresses or AS identifiers ...
... currently managed differently. All organizations with the right-to-
use for an AS identifier receive the authorization directly from an
RIR. Organizations with a right-to-use for an IP address ...
... RIR. Organizations with a right-to-use for an IP address block
receive the authorization either directly from an RIR, or indirectly,
e.g., from a down stream ...
... service provider, who might receive its
authorization from an Internet service provider, who in turn gets its
authorization ...
... authorization from an Internet service provider, who in turn gets its
authorization from a RIR. Note that AS identifiers might be sub-
...
... public key certificates (PKCs)
with extensions that convey the authorization information:
"Authorization information ...
... authorization information:
"Authorization information may be placed in a PKC extension or
placed in a separate attribute certificate ...
... attribute certificate (AC). The placement of
authorization information in PKCs is usually undesirable for two
reasons. First, authorization information ...
... authorization information in PKCs is usually undesirable for two
reasons. First, authorization information often does not have the
same lifetime as the binding ...
... identity and the public key.
When authorization information is placed in a PKC extension, the
general result is the shortening of the PKC ...
... PKC issuer is not usually authoritative for the
authorization information. This results in additional steps for
the PKC issuer ...
... authoritative source."
"For these reasons, it is often better to separate authorization
information from the PKC. Yet, authorization information also
...
... "For these reasons, it is often better to separate authorization
information from the PKC. Yet, authorization information also
needs to be bound to an identity. An AC ...
... In the case of the IP address and AS identifier authorizations, these
reasons do not apply. First, the public key certificates are issued
...
... reasons do not apply. First, the public key certificates are issued
exclusively for authorization, so the certificate lifetime
...
... certificate lifetime
corresponds exactly to the authorization lifetime, which is often
tied to a contractual relationship between the issuer and entity ...
... certificate issuer is
authoritative for the authorization information.
Thus the two points in the first cited paragraph above are not true
...
... AC verifier when the holder wants to substantiate an
attribute or authorization. The intended usage for the extensions
defined herein does not have a direct interaction between an AC
...