Certificates and Authentication810 Netscape Certificate Manager System Administrator’s Guide • June 2003evaluation process can employ a variety of standard authorizationmechanisms, potentially using additional information in an LDAP directory,company databases, and so on. If the result of the evaluation is positive, theserver allows the client to access the requested resource.As you can see by comparing Figure J-5 to Figure J-4, certificates replace theauthentication portion of the interaction between the client and the server. Insteadof requiring a user to send passwords across the network throughout the day,single sign-on requires the user to enter the private-key database password justonce, without sending it across the network. For the rest of the session, the clientpresents the user’s certificate to authenticate the user to each new server itencounters. Existing authorization mechanisms based on the authenticated useridentity are not affected.How Certificates Are Used• Types of Certificates• SSL Protocol• Signed and Encrypted Email• Form Signing• Single Sign-On• Object SigningTypes of CertificatesFive kinds of certificates are commonly used with Netscape products:• Client SSL certificates. Used to identify clients to servers via SSL (clientauthentication). Typically, the identity of the client is assumed to be the sameas the identity of a human being, such as an employee in an enterprise. See“Certificate-Based Authentication,” which begins on page 808, for adescription of the way client SSL certificates are used for client authentication.Client SSL certificates can also be used for form signing and as part of a singlesign-on solution.Examples: A bank gives a customer a client SSL certificate that allows thebank’s servers to identify that customer and authorize access to the customer’saccounts. A company might give a new employee a client SSL certificate thatallows the company’s servers to identify that employee and authorize access tothe company’s servers.