How Authentication Works - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

Enrollment Overview

How Authentication Works

An end entity submits a request for enrollment. The form or method used to
submit the request identifies the method of authentication and enrollment. If the
HTML end-entity interface is used to submit the request, the form used by the end
entity to make the request contains hidden values that associate this form, and thus
this submission, with an authentication method.
If the authentication method is an agent-approved enrollment, the end entity
submits the request, which is then sent to the request queue of the agent services
interface. If the automated notification for request in queue is set up, an email
message is sent to the agent or agents set up to receive this message, informing
them that a new request has been received.
The agent can change some aspects of the request depending on which aspects can
be changed in the request form and the constraints set up in either the policies or
certificate profiles set up. The agent can then reject the request, change the status of
the request, or approve the request. The request must also pass the policies or
certificate profiles set up for the Certificate Manager. If the subsystem where the
request is submitted is a Registration Manager, the request must pass the policies
and certificate profiles of both the Registration Manager and the Certificate
Manager. Once the request is approved by an agent and passes the policies or
certificate profiles, the certificate is issued. When the certificate is issued, it is stored
in the internal database and can be retrieved by the end entity from the end-entity
interface by serial number or by request Id.
If the enrollment method is an automated method, the end entity submits the
request along with whatever information is needed to authenticate the user. Upon
successful authentication of the user, the request is then processed without being
sent to the agent's queue. If the request passes the policy or certificate profile
configuration of the Certificate Manager, the request is processed and the
certificate is issued. If the subsystem where the request is submitted is a
Registration Manager, the request must pass the policies and certificate profiles of
both the Registration Manager and the Certificate Manager. When the certificate is
created, it is stored in the internal database and it is delivered to the end entity
immediately via the HTML forms.
You can set up an automated notification for any method that sends an email to the
end entity when the certificate is issued.
Chapter 9 Authentication 385