US2016112406A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016112406-A1 |
| Application number | US-201414518527-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 20, 2014 |
| Priority date | Oct 20, 2014 |
| Publication date | Apr 21, 2016 |
| Grant date | — |
Official abstract text for this publication.
Systems and methods for performing access control in an industrial control system are described. A first component of an industrial control system may be connected to a second component of the industrial control system. A digital certificate may be generated for the first component that includes both authentication information and authorization information associated with the first component. The first component may transmit the digital certificate to the second component, and the second component may extract the authorization information from the digital certificate. The second component may identify a set of access rights based on the authorization information extracted and authorize the first component to access the second component based on the set of access rights identified.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method of performing access control in an industrial control system comprising: connecting a first component of an industrial control system to a second component of the industrial control system; generating a digital certificate for the first component that includes both authentication information and authorization information associated with the first component; transmitting the digital certificate from the first component to the second component; extracting the authorization information from the digital certificate at the second component; identifying, at the second component, a set of access rights based on the authorization information extracted; and authorizing the first component to access the second component based on the set of access rights identified.
2. The computer-implemented method of claim 1 wherein: the first component is a first industrial device of the industrial control system; and the second component is a second industrial device of the industrial control system.
3. The computer-implemented method of claim 1 wherein: generating the digital certificate includes storing the authorization information in an extension field of the digital certificate.
4. The computer-implemented method of claim 3 wherein: storing the authorization information in the extension field of the digital certificate includes configuring an object identifier (OID) of the extension field to include a unique identifier that is associated with an entity that maintains the industrial control system.
5. The computer-implemented method of claim 4 wherein: extracting the authorization information from the digital certificate includes parsing the digital certificate using the unique identifier.
6. The computer-implemented method of claim 3 wherein: the digital certificate is structured according to the X.509v3 standard.
7. The computer-implemented method of claim 3 wherein: the authorization information comprises a role indicator.
8. The computer-implemented method of claim 7 wherein: the role indicator is obfuscated in the digital certificate.
9. The computer-implemented method of claim 7 wherein: identifying the set of access rights includes mapping the role indicator to the set of access rights.
10. The computer-implemented method of claim 1 further comprising: specifying the authorization information to a certificate issuer via an authorization specification interface of the certificate issuer.
11. An industrial control system comprising: a first industrial device; a digital certificate comprising authentication information and authorization information associated with the first industrial device; and a second industrial device configured to receive the digital certificate from the first industrial device, extract the authorization information from the digital certificate, and authorize the first industrial device to access the second industrial device based on the authorization information extracted.
12. The industrial control system of claim 11 wherein: the first industrial device and the second industrial device are selected from the group consisting of a programmable logic controller (PLC), a programmable automation controller (PAC), a remote telemetry unit, an industrial machine, an industrial control device, an industrial monitoring device, an industrial sensor device, a data warehouse device, and a human-machine interface (HMI) device.
13. The industrial control system of claim 11 further comprising: a certificate issuer configured to generate the digital certificate for the first industrial device using the authentication information and the authorization information associated with the first industrial device.
14. The industrial control system of claim 13 wherein: the certificate issuer comprises an authorization specification interface configured to receive the authorization information associated with the first industrial device.
15. The industrial control system of claim 13 wherein: the certificate issuer is configured to automatically obtain the authorization information for the first industrial device based on device information associated with the first industrial device.
16. The industrial control system of claim 11 wherein: the second industrial device comprises a parser configured to parse the digital certificate in order to extract the authorization information from the digital certificate.
17. The industrial control system of claim 11 wherein: the digital certificate is structured to locate the authorization information in an extension field; and the authorization information comprises a role indicator.
18. The industrial control system of claim 11 wherein: the authorization information comprises a set of access rights for the first industrial device.
19. A computer-implemented method of performing access control comprising: generating a digital certificate for a first device that includes authentication information and authorization information associated with the first device; establishing a connection between the first device and a second device; transmitting the digital certificate from the first device to the second device; authenticating the first device based on the authentication information of the digital certificate; and authorizing the first device to access the second device based on the authorization information of the digital certificate.
20. The computer-implemented method of claim 19 wherein: the digital certificate is structured to locate the authorization information in an extension field; and the authorization information comprises a role indicator.
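The scheme in the abstract and claims 3 to 9 (a role indicator in an X.509v3 extension under a private OID, parsed by the second device and mapped to access rights) as an added Go illustration; this is not code from the patent. It assumes a placeholder enterprise number in the OID, constructed role names and rights, and a self-signed certificate standing in for one issued by the certificate issuer.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)

// Private-arc OID for the authorization extension (enterprise number 99999 is a placeholder).
var roleOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 1}
// Role-to-rights table held by the relying (second) device; constructed sample data.
var rightsByRole = map[string][]string{
	"operator":   {"read-telemetry", "ack-alarm"},
	"maintainer": {"read-telemetry", "ack-alarm", "update-firmware"},
}
// IssueDeviceCert plays the certificate issuer: the role indicator is DER-encoded as a
// UTF8String and carried in a non-critical custom extension of a self-signed X.509v3 cert.
func IssueDeviceCert(cn, role string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	roleDER, err := asn1.MarshalWithParams(role, "utf8")
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: roleOID, Value: roleDER}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// RightsFromCert plays the second device: authenticate first (self-signature check here; a
// deployed device verifies against the issuer CA), then locate the extension by OID,
// decode the role indicator and map it to a set of access rights.
func RightsFromCert(der []byte) ([]string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil { return nil, err }
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(roleOID) { continue }
		var role string
		if rest, err := asn1.Unmarshal(ext.Value, &role); err != nil || len(rest) != 0 { return nil, errors.New("malformed authorization extension") }
		if rights, ok := rightsByRole[role]; ok { return rights, nil }
		return nil, errors.New("unknown role indicator: " + role)
	}
	return nil, errors.New("certificate carries no authorization extension")
}
```

A role the relying device does not know, a missing extension, or a certificate whose signature no longer verifies all deny access rather than falling through to a default set of rights.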
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks · CPC title
for controlling access to devices or network resources · CPC title
Entity profiles · CPC title
Program or device authentication · CPC title