Names

Certification Authorities

The CILogon Certification Authorities use the following Issuer Distinguished Names:

/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1
/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OpenID CA 1

Certificate Subjects

The CILogon Basic and Silver CAs issue certificates with Subject Distinguished Names of the following form:

/DC=org/DC=cilogon/C=US/O=OrganizationDisplayName/CN=displayName UID

In the above template:

  • OrganizationDisplayName is the value of the OrganizationDisplayName element in the EntityDescriptor for the identity provider found in the SAML metadata for the InCommon Federation.
  • displayName is the value of the RFC 2798 inetOrgPerson displayName attribute in the SAML authentication assertion.
  • UID is a unique identifier for the subscriber, assigned by the CA, to ensure uniqueness of subject names.

For example:

/DC=org/DC=cilogon/C=US/O=University of Illinois at Urbana-Champaign/CN=Jim Basney A47983

The CILogon OpenID CA issues certificates with Subject Distinguished Names of the following form:

/DC=org/DC=cilogon/C=US/O=OpenIDProvider/CN=EndEntityName UID

In the above template:

  • OpenIDProvider is an identifier for the OpenID Provider ("Google", "Yahoo", "Verisign", etc.).
  • EndEntityName is a presentation of the subject's name provided by the OpenID Provider in OpenID namePerson, fullname, or similar attributes.
  • UID is a unique identifier for the subscriber, assigned by the CA, to ensure uniqueness of subject names.

For example:

/DC=org/DC=cilogon/C=US/O=Google/CN=Jim Basney A437
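
A relying party that authorizes on these names should match the full subject DN, UID included, because the display name alone is not unique. The following check is an added example, not CILogon's own code: it validates a slash-separated subject against the templates above and splits the CN into name and UID. The function name parse_cilogon_subject is hypothetical, and treating the last space-delimited token of the CN as the UID is an assumption read from the templates.

```python
import re

# Issuer DNs listed on this page.
CILOGON_ISSUERS = {
    "/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1",
    "/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1",
    "/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OpenID CA 1",
}

# Split only at a "/" that starts one of the attribute types used in the
# templates, so a "/" inside a name does not create a new component.
RDN_START = re.compile(r"/(?=(?:DC|C|O|CN)=)")
EXPECTED_TYPES = ["DC", "DC", "C", "O", "CN"]
FIXED_PREFIX = ["org", "cilogon", "US"]


def parse_cilogon_subject(issuer, subject):
    """Return organization, name and uid for a CILogon subject DN.

    Raises ValueError when the issuer is not a CILogon CA or the subject
    does not follow the /DC=org/DC=cilogon/C=US/O=.../CN=... template.
    """
    if issuer not in CILOGON_ISSUERS:
        raise ValueError("issuer is not a CILogon CA")
    head, *parts = RDN_START.split(subject)
    if head:  # text before the first recognized component
        raise ValueError("subject does not start with a known component")
    rdns = [tuple(p.split("=", 1)) for p in parts]
    if [r[0] for r in rdns] != EXPECTED_TYPES:
        raise ValueError("unexpected components (extra or missing RDNs)")
    values = [r[1] for r in rdns]
    if values[:3] != FIXED_PREFIX or not values[3]:
        raise ValueError("subject is outside the CILogon namespace")
    # Assumption: the CA-assigned UID is the last space-delimited CN token.
    name, _, uid = values[4].rpartition(" ")
    if not name or not uid:
        raise ValueError("CN does not have the form 'name UID'")
    return {"organization": values[3], "name": name, "uid": uid}
```

The two example subjects on this page share the display name "Jim Basney" but differ in organization and UID, so they parse to distinct identities.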