VillageMall® offers secure Digital IDs based on X.509 certificates, to ensure your personal security thought out the VillageMall network.

What are certificates?

Certificates, serve as electronic credentials over the Internet for individuals and computer services (such as Web sites). They are used in the same way as user names and passwords authenticate people today for Web site access, communication and electronic commerce. Yet, unlike usernames and passwords Digital ID's cannot be forged.

An individual wishing to send an secure  message applies for a digital certificate from a Certificate Authority (CA). The CA issues an signed digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own certificate, and public key readily available.

The recipient of an secure message uses the CA's public key to verify the senders digital certificate attached to the message, and extracts the senders public key. With this information, the recipient can open the secure message or send an secure reply. The most widely used standard for digital certificates is X.509 which is the technology used by VillageMall.

When do I use MY certificate?

Your Certificate, is used whenever VillageMall needs to positively authenticate You. They may be required for all site activities such as WebLedger, and Village Bank.

X.509 ?

X.509 is an International Standard for Digital Certificates. The X.509 standard for digital certificates describes the binding of a named entity of a person or organization to an electronic identification key. The digital certificate contains information about its owner, its issuer, issue and expiry date stamps, and information for verifying the integrity of the certificate that can be used for digital IDs, digital signatures. A Digital certificate associated with the use of your Private key becomes your electronic Persona throughout the VillageMall network.

What is "Trust" of a Root certificate?

All commercial certification infrastructures have at least one Certification Authority, in order to make use of electronic validation performed by a Web server or browser or other secure applications, it is necessary for you to trust the certification Authority. This establishment of trust is commonly performed by adding the certification authority certificate and hence public key into a trust list within you browser.

Why do I need to explicitly Trust a Certification authority ?

You are the one that will make decisions based on the certificate infrastructure, ONLY You can make the decision about who you trust to perform the identification or secure web services. Microsoft, or Netscape do not take any risk if the CA is not meeting its obligations yet they implicitly establish numerous Certification Authorities as trusted without your involvement, this means that you may visit a site and establish secure session without you making an informed decision, or the software even warning you about what is happening "under the bonnet". Only time will tell if Microsoft will be held liable for this approach, at VillageMall we advise all clients to explicitly establish their own trust. Instructions are provided on how to remove Microsoft's pre-installed trust points.

Who should make the Trust decision?

We at VillageMall believe that only You, whether you are a customer, supplier or employee, can make the decision about who to Trust, we do not believe that Governments, or Mega corporations should, and can,  make that decision for You. The concept that everyone has to trust a root certificate, just because Microsoft does is quite bizarre. We also believe they should, at a minimum, advise you that they have made these decisions for you, when you install their software.

VillageMall empowers You to make this decision.

You should question any site or Organisation that 
a) does not explain the issues associated with trust, and 
b) that does not allow you to make the trust decision explicitly....


How do I Trust VillageMall?

Go to our security page and follow the instruction?