Authenticate User or Computer Identity by Using an X.509 Certificate

Goal: To authenticate the identity of a user or computer to the AA by using an X.509 certificate.

Context of Use: Same as section

Direct Actor: Same as section

Primary Actor: Same as section

Supporting Actors: Same as section


  • Same as section

Minimal Guarantees: Same as section

Success Guarantee: Same as section

Main Success Scenario:

  1. To prove the identity of the user or computer by using PKI services, the Authentication Client submits to the AA user or computer credential information that consists of the user name or computer account name, the domain name, the user's or computer's X.509 certificate, and a timestamp that is signed by using the certificate.

  2. The AA validates the certificate chain, verifies the signature on the timestamp by using PKI services, and then looks up the account in the account DB. When verification succeeds, the AA returns to the Authentication Client a TGT and a session key encrypted with the public key of the user's certificate.
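The AA-side certificate and timestamp checks from step 2, as an added Go example that is not part of the original document. It covers chain validation, the signature over the timestamp and a freshness check; the account lookup and TGT issuance are left out. The Ed25519 keys, RFC 3339 timestamp encoding, client-authentication EKU requirement, five-minute window and all names (VerifyProof, issue, "Demo CA", "alice") are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// VerifyProof does the step 2 certificate and timestamp checks; skew is an assumed freshness window.
func VerifyProof(cert *x509.Certificate, ts, sig []byte, roots *x509.CertPool, now time.Time, skew time.Duration) error {
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if err := cert.CheckSignature(x509.PureEd25519, ts, sig); err != nil {
		return fmt.Errorf("timestamp signature: %w", err)
	}
	t, err := time.Parse(time.RFC3339, string(ts)) // RFC 3339 encoding is an assumption
	if err != nil || t.Before(now.Add(-skew)) || t.After(now.Add(skew)) {
		return fmt.Errorf("timestamp outside the %v window", skew)
	}
	return nil
}

// issue builds a constructed Ed25519 certificate; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey, now time.Time) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: new(big.Int).SetBytes(pub[:8]), Subject: pkix.Name{CommonName: cn}, NotBefore: now.Add(-time.Hour),
		NotAfter: now.Add(time.Hour), BasicConstraintsValid: true, IsCA: parent == nil, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		parent, signer = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	now := time.Now()
	ca, caKey := issue("Demo CA", nil, nil, now)
	leaf, key := issue("alice", ca, caKey, now)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	ts := []byte(now.UTC().Format(time.RFC3339)) // client side of step 1
	fmt.Println("verification error:", VerifyProof(leaf, ts, ed25519.Sign(key, ts), roots, now, 5*time.Minute))
}
```

A correctly signed timestamp that is older than the window is still rejected, which is what keeps a captured request from being replayed later.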

Postconditions: Same as section