☑ OCF Identity Certificate Issuance: The PLGD Certificate Authority is capable of issuing OCF identity certificates for users and devices by signing Certificate Signing Requests (CSRs).
☑ JWT Verification: The PLGD CA verifies the validity of JSON Web Tokens (JWTs) provided with the CSR to ensure the authenticity of the request.
☑ Protection Against Unauthorized Identity Certificate Issuance: The PLGD CA enforces stringent policies that prevent a malicious device or user from obtaining an identity certificate that has already been signed for another device.
☑ HTTP and gRPC API: The PLGD CA provides both an HTTP and a gRPC API, allowing users to interact with the CA and perform certificate-related operations.
☑ Automatic Deletion of Expired Certificates: Non-identity certificates are automatically deleted by the PLGD CA once they expire, ensuring a secure and clutter-free certificate infrastructure.
☐ Profiles: The PLGD CA will introduce the concept of profiles for identity certificates. These profiles will be based on the owner’s information from the JSON Web Token (JWT) and the type of certificate (device or user). With profiles, different configurations and settings can be applied to each type of certificate, allowing for more customization and flexibility.
☐ Certificate Revocation: The PLGD CA will implement a certificate revocation mechanism. This will involve maintaining a Certificate Revocation List (CRL) that keeps track of revoked certificates. The CA will regularly check the validity of certificates against the CRL to ensure that any compromised or invalid certificates are promptly revoked and no longer considered valid.
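
One way a CA can enforce the protection against unauthorized identity certificate issuance listed above, as an added example that is not PLGD code. It assumes a policy that binds each identity common name to the first owner and public key that obtained it, and that the JWT was verified before the call; `Registry`, `holder`, `Authorize`, `newCSR` and the sample names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// holder records who first obtained an identity (hypothetical layout).
type holder struct{ owner string; keyHash [32]byte }

// Registry maps an identity common name (e.g. a device ID) to its holder.
type Registry map[string]holder

var ErrTaken = errors.New("identity already issued to another owner or key")

// Authorize takes the owner claim of an already-verified JWT and a DER CSR.
func (r Registry) Authorize(jwtOwner string, csrDER []byte) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature() // proof of possession of the CSR key
	}
	if err != nil || jwtOwner == "" || csr.Subject.CommonName == "" {
		return errors.New("invalid CSR, or missing owner or common name")
	}
	req := holder{jwtOwner, sha256.Sum256(csr.RawSubjectPublicKeyInfo)}
	if prev, ok := r[csr.Subject.CommonName]; ok && prev != req {
		return ErrTaken // same identity, different owner or key (assumed policy)
	}
	r[csr.Subject.CommonName] = req // first issuance, or renewal by same holder
	return nil
}

// newCSR builds a constructed sample CSR signed with a fresh P-256 key.
func newCSR(cn string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	return der
}

func main() {
	r, csr := Registry{}, newCSR("constructed-device-id")
	fmt.Println(r.Authorize("alice", csr), r.Authorize("mallory", csr))
}
```

A production registry would need persistent storage and locking around the check-and-store step so that two concurrent requests for the same identity cannot both succeed.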