<P> The current use of X. 509v3 certificates outside the Directory structure loaded directly into web browsers was necessary for e-commerce to develop by allowing for secure web based (SSL / TLS) communications which did not require the X. 500 directory as a source of digital certificates as originally conceived in X. 500 (1988). One should contrast the role of X. 500 and X. 509 to understand their relationship in that X. 509 was designed to be the secure access method for updating X. 500 before the WWW, but when web browsers became popular there needed to be a simple method of encrypting connections on the transport layer to web sites . Hence the trusted root certificates for supported certificate authorities were pre loaded into certificate storage areas on the personal computer or device . </P> <P> Added security is envisaged by the scheduled 2011 - 2014 implementation of the US National Strategy for Trusted Identities in Cyberspace, a two - to three - year project protecting digital identities in cyberspace . </P> <P> The WWW e-commerce implementation of X. 509v3 bypassed but did not replace the original ISO standard authentication mechanism of binding distinguished names in the X. 500 Directory . </P> <P> These packages of certificates can be added or removed by the end user in their software, but are reviewed by Microsoft and Mozilla in terms of their continued trustworthiness . Should a problem arise, such as what occurred with DigiNotar, browser security experts can issue an update to mark a certificate authority as untrusted, but this is a serious removal effectively of that CA from "internet trust". X. 500 offers a way to view which organization claims a specific root certificate, outside of that provided bundle . This can function as a "4 corner model of trust" adding another check to determine if a root certificate has been compromised . Rules governing the Federal Bridge policy for revoking compromised certificates are available at www.idmanagement.gov . </P>

Which itu-t standard did microsoft base the development of active directory on