An attribute is a parameter data item for a certificate to define one type of conditions, constraints or actions to conclude the authorization result. This chapter describes various attributes contained in a certificate for authorization.
A certificate should not be valid forever. It should be defined to be only valid during a specific period of time.
Once authorization is passed, a SyncOffice work session starts. This session should be also not valid forever. It should be valid only for a specified period of time.
Network place is an important factor. SyncOffice work is allowed in company network, but may not be allowed in home network or at other public place.
Certificate can also be limited to be valid only in office hours, not in weekend.
Some control parameters are related to Local Access Control or no Internet connection case. When applied Local Access Control, a local real time AccessCode is generated and if its Passcode is passed, a managed work session is started. The life time of such a session should be defined.
If applying Asymmetric Style Key is another question for security. The document password key stored in a certificate as a whole string is not so safe. Better to activate Asymmetric Style Key feature to let RAS/RSS store part of it. But this option presumes the Internet/RAS/RSS is always available for support.
A certificate issued to an end-user also can grant a privilege to let end-user to use Runtime Config to switch between two realms, typically one is his company, another is his personal realm.
Various attributes data define the behavior of a certificate, they collectively form a certificate. When an instance of SyncOffice Manager starts, it loads from template data from database into a string array buffer in memory cache to create a raw certificate meta buffer named CertBuf. All follow up configurations are on this CertBuf meta buffer, until it is output and encrypted as a certificate file.
The follow figure shows the CertBuf meta buffer formation, which lists certificate profile data and all its attribute members.
Next, we will discuss these attribute data one by one.