Making Certificates Programmable

Certificates carry signed statements within a Public- Key Infrastructure (PKI). As we begin to build more complex and more open PKIs, the limited expressiveness of current certificate languages becomes a concern. While certificates are traditionally treated as simple data structures conforming to a given schema, we show an alternative derivation of the concept of a certificate in which certificates can contain control information in the form of program code. One example is program code written in declarative statements in a variant of the relational algebra, which can work together in rich ways.