A public key and its private key are mathematically paired, and because the public key can be freely distributed, the web server can store the public keys of all its authorized users and match a presented key against that list for each user seeking access. This is called One-to-One authentication.
User A's public key is stored on the web server. When User A attempts to gain access, the server asks User A's browser (via its certificate store) to prove that it holds the private key matching the public key stored on the server. If the match is confirmed, User A is granted access.
In simpler deployments you may only need to identify groups of users, in which case the One-to-Many implementation is faster to set up and easier to manage.
In One-to-Many authentication, users are organised into a single group or several sub-groups, and the server is configured to check the Signing certificate only, so it does not need a copy of each individual's public key.
This is easier to deploy and manage because the server does not require a unique configuration for each Digi-ID™ that will be used to access it. Because of this simplicity, the server is configured once and any number of users can access it without further intervention, while an individual user's Digi-ID™ can still be revoked so that access is denied on a per-user basis as needed.
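The two authorization decisions described above, written out as an added example in Go (this is illustrative code, not Digi-Sign's software or any Digi-ID™ product code). The TLS handshake itself is where the browser proves possession of the private key; what follows is only the server-side check that runs once a client certificate has been presented. One-to-One keeps an allowlist of registered public keys (keyed by a SHA-256 fingerprint of the SubjectPublicKeyInfo, an assumed convention); One-to-Many trusts the Signing certificate alone and consults a revocation set, which here stands in for the issuer's CRL. The CA, the user certificates and the "alice"/"bob" names are all generated in memory for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func mustParse(der []byte) *x509.Certificate {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// NewCA mints a self-signed Signing certificate, playing the role of the issuing CA (constructed for the demo).
func NewCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Signing CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return mustParse(der), key
}

// IssueUserCert mints one user's client certificate, signed by the CA. The user's private
// key is deliberately discarded here: proof of possession happens in the TLS handshake.
func IssueUserCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64, user string, now time.Time) *x509.Certificate {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: user},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	return mustParse(der)
}

// SPKIFingerprint is the hex SHA-256 of the certificate's SubjectPublicKeyInfo (assumed allowlist key).
func SPKIFingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// AuthorizeOneToOne: the server holds each authorized user's public key; the presented
// certificate is accepted only if its public key is registered. No CA trust is involved.
func AuthorizeOneToOne(allowed map[string]string, presented *x509.Certificate) (string, error) {
	user, ok := allowed[SPKIFingerprint(presented)]
	if !ok {
		return "", errors.New("public key not registered on this server")
	}
	return user, nil
}

// AuthorizeOneToMany: the server trusts the Signing certificate only, so any certificate it
// issued for client authentication is accepted unless the issuer has revoked that serial number.
func AuthorizeOneToMany(ca *x509.Certificate, revoked map[string]bool, presented *x509.Certificate, now time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := presented.Verify(opts); err != nil {
		return "", err // not issued by the trusted Signing certificate, expired, or wrong usage
	}
	if revoked[presented.SerialNumber.String()] {
		return "", errors.New("certificate revoked by issuer")
	}
	return presented.Subject.CommonName, nil
}

func main() {
	now := time.Now()
	ca, caKey := NewCA(now)
	alice := IssueUserCert(ca, caKey, 100, "alice", now)
	bob := IssueUserCert(ca, caKey, 101, "bob", now)
	allowed := map[string]string{SPKIFingerprint(alice): "alice"} // One-to-One: only alice registered
	revoked := map[string]bool{bob.SerialNumber.String(): true}   // One-to-Many: bob revoked
	fmt.Println(AuthorizeOneToOne(allowed, alice))
	fmt.Println(AuthorizeOneToOne(allowed, bob))
	fmt.Println(AuthorizeOneToMany(ca, revoked, alice, now))
	fmt.Println(AuthorizeOneToMany(ca, revoked, bob, now))
}
```

The contrast the page draws falls out of the two functions: `AuthorizeOneToOne` needs a server-side entry per user and never consults the CA, while `AuthorizeOneToMany` is configured once with the Signing certificate and still denies an individual user through the revocation set, so long as the server actually checks revocation on every connection.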