Authorization is based on registered contact information for DNS names managed in UW DNS, and based on UW group memberships for DNS names managed outside of UW DNS.
InCommon CA or UW CA?
In general, use InCommon CA if the certificate is for website SSL, and UW CA if the certificate is for authenticating to a UW web service (e.g. student web service or person web service). For more information see CA comparison.
Important notice for InCommon SSL certificate customers
If you are using an InCommon SSL certificate that expires on or after 1/1/2016, you may need to obtain a new SSL certificate to avoid certificate warnings in at least one popular browser. This change is related to an industry-wide migration away from the SHA-1 signing algorithm in favor of SHA-2. Read Transition to InCommon SSL Certificates Signed with SHA-2 to learn more.
Server certificates for website SSL
InCommon CA is rooted in a commercial CA certificate trusted by browsers and OSes.