A named set of rules that indicate the applicability of certificates for a specific class of applications with common security requirements. Such a policy might, for example, limit certain certificates to electronic data interchange transactions within given price limits.