Many-to-one mapping is the mapping of many certificates to a single user account. For example, assume you have a partnership with an agency that provides temporary workers for your job openings. You would like to allow the agency personnel to view Web pages describing current job openings that are otherwise accessible only to company employees. The agency has its own trusted CA that it uses to issue certificates to its employees. After installing the agency CA’s root certificate (a certificate at the top of the certification hierarchy) so that it is trusted in your enterprise, you can set a rule that maps all certificates issued by that CA to a single Windows account. You then set NTFS access rights so that the account can access the Web pages. Typically, you will choose a Windows account name that reflects the role or company name of the trusted company, for example TempAgency.
Now, when employees from the agency connect to the agency’s Web server and provide their certificates, they are mapped to the same account and can access those pages and no others. This is nice from an administrative viewpoint because the agency can now issue certificates and manage its users, without requiring you to do any more work.
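As an added illustration (not part of the original text), this is how such a rule can be expressed on IIS 7 or later with IIS Client Certificate Mapping Authentication, which is an assumption since the text names no server version. The site name, the issuer values, the CONTOSO domain and the password placeholder are constructed; TempAgency is the account name used above.

```xml
<!-- applicationHost.config fragment: many-to-one mapping for the agency CA.
     Assumes the agency root certificate is already installed as trusted on the
     server, as described above. All names except TempAgency are constructed. -->
<location path="Job Openings Site">
  <system.webServer>
    <security>
      <!-- Require TLS and a client certificate on every request. -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <!-- Turn off other schemes so the certificate is the only way in. -->
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="false" />
        <windowsAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true"
            manyToOneCertificateMappingsEnabled="true"
            oneToOneCertificateMappingsEnabled="false">
          <manyToOneMappings>
            <!-- Every certificate that satisfies the rules below runs as the
                 single TempAgency account; NTFS ACLs on the job-opening pages
                 then decide what that account can read. -->
            <add name="TempAgency issued certificates"
                 enabled="true"
                 permissionMode="Allow"
                 userName="CONTOSO\TempAgency"
                 password="PLACEHOLDER-set-via-IIS-Manager">
              <rules>
                <!-- Match on the issuer, not the subject: the agency, not you,
                     decides which of its people hold a certificate. -->
                <add certificateField="Issuer" certificateSubField="CN"
                     matchCriterion="TempAgency Issuing CA"
                     compareCaseSensitive="true" />
                <add certificateField="Issuer" certificateSubField="O"
                     matchCriterion="TempAgency Inc"
                     compareCaseSensitive="true" />
              </rules>
            </add>
          </manyToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>
```

Because every agency certificate resolves to the same account, keep that account's NTFS rights limited to the job-opening pages and record the client certificate subject in request logs if you need to tell individual agency users apart.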