Ch4Part5Discussion

Version 2, changed by HowardGilbert. 03/18/2005.

Discuss Ch4Part5 here

The elements of PKI (especially Certificates) were first developed in 1988, long before the explosion of network access through the Internet. The idea of a Certificate was to have a document digitally signed by a widely known authority (as a driver's license is issued by the State, or a passport is issued by the country) that provided an identity and attributes about you. This Certificate was good for a period of time (typically a year or two) after which it needed to be reissued.

Although these original elements remain useful today, the world has changed and their use is quite different from the original design. Today any useful attributes and identity can be maintained online, and all institutions and even most individuals can have instant, reliable access to them. The original Certificate format still has a use, but rather than depending on the information that the Certificate carries, which may be several years old, modern systems will use the identity that it declares to fetch up-to-date information over the Internet. The packet of current information transmitted in response to this request may itself be digitally signed in what amounts to a new Certificate-like format, but it will be based on standards of the World Wide Web [SAML, XML Digital Signatures] and not the conventions of 1988.
