Certificates are persistent. Authorization is dynamic. Any information stored within a certificate becomes as persistent as the certificate itself. The certificate payload should not carry any attribute data for use in authorization decisions, except a
