A Role Certificate is an authenticatable device that provides evidence that a given principal possesses the attributes of a given role. In SDM, an executing Identity adopting a role is represented as a RoleIdentity. A RoleIdentity contains a RoleCertificate within it that it can be presented to any server. RoleCertificates have associated names and privileges, along with any other role hierarchy information; for example rules stating that all Managers are also Employees. When a principal authenticates itself and presents a valid role certificate, the privileges associated with that role becomes effective for the principal.