A verification method and system including a verifier that can both interpret
policies and determine whether they are satisfied, and request and obtain the relevant certificates.
This new architecture includes a verifier which itself can both direct a retrieval
mechanism and use a local database of information. Users and applications can obtain
and supply certificates to the verifier and the local database. The verifier may
invoke a retrieval mechanism to obtain necessary certificates from other authenticated
data servers and store them in a secondary database. The architecture accommodates
both on-line and off-line responses from authenticated data servers during verification.
It also provides an enhanced system for security, including revocation of certificates
using a polarity discipline, which allows data used for revocation to be handled
by the same system used for other verification data without imperiling security.