SCaaS utilizes User certificates primarily for identification not authentication. These certificates do not have any native ability to unlock anything. All privileges and roles are dynamically applied. This means a User and Device are first identified using a Certificate and Password. Once identified, a drop down list is presented with the Services available for the User and Device. Certificates (Devices) can be dynamically / at-will enabled. This is especially useful for intermittent or emergency access requirements. There is no need for Certificate Revocation lists or short Certificate life spans. If a Device is lost it is simply deleted in the Administration Panel and it will never have access again.