Posted by on June 3, 2005, 1:50 pm
Hi,
First of all, I apologize if this is not the right forum to post this
question...
I need to create a repository to allow users (and programs) access to
digital certificates. I thought about an LDAP server, a database with a
web front-end, etc... but is there a *standard* way to do this?
Thank you !
Sérgio
Posted by Anne & Lynn Wheeler on June 3, 2005, 3:17 pm
smveloso@gmail.com writes:
> First of all, I apologize if this is not the right forum to post this
> question...
>
> I need to create a repository to allow users (and programs) access to
> digital certificates. I thought about an LDAP server, a database with a
> web front-end, etc... but is there a *standard* way to do this ?
supposedly x.500 dap and x.509 identity digital certificates went
hand-in-hand. first time i remember paying much attention when the
subject was brought up at an acm sigmod conference and somebody
explained it as a bunch of networking engineers attempting to recreate
1960s database technology.
one of the things that started to dawn about these x.500/x.509
design points was that the horrendous amounts of identity-related information in
x.500 & x.509 raised significant privacy concerns.
later ... "lightweight" dap (ldap) came along.
there is this funny cross-over between trusted repositories of
certificates and trusted repositories of certificateless public keys
.... making the original design point of x.509 certificates redundant
and superfluous.
from my rfc index
http://www.garlic.com/~lynn/rfcietff.htm
in the "RFCs listed by" click on "Term (term->RFC#)"
and select "LDAP" from the "acronym fastpath"
lightweight directory access protocol (LDAP) (LDAPv2) (LDAPv3)
see also ITU directory service protocol, directory
3928 3909 3876 3866 3829 3771 3727 3712 3703 3698 3687 3674 3673
3672 3671 3663 3494 3384 3383 3377 3352 3296 3112 3088 3062 3060
3045 2927 2926 2891 2849 2830 2829 2820 2798 2739 2714 2713 2696
2657 2649 2596 2589 2587 2559 2307 2256 2255 2254 2253 2252 2251
2247 2164 1960 1959 1823 1798 1778 1777 1558 1487 1249
selecting on any of the RFC numbers brings up the RFC summary.
selecting on the ".txt=nnnn" field retrieves the actual RFC.
another kind of certificateless approach
http://www.garlic.com/~lynn/subpubkey.html#certless
for public key authentication ... is to register public keys in a
RADIUS infrastructure ... in lieu of shared-secrets, passwords, etc
and perform digital signature verification with the on-file public key.
RADIUS supports lots of authentication clients accessing a RADIUS
trusted repository for both authentication as well as authorization
information (w/o necessarily exposing sensitive information to
wide-open population).
again from my RFC index ... in the "Term (term->RFC#)" page,
select "RADIUS" from the acronym fastpath.
remote authentication dial in user service (RADIUS)
see also authentication, network access server, network services
4014 3580 3579 3576 3575 3162 2882 2869 2868 2867 2866 2865 2809
2621 2620 2619 2618 2548 2139 2138 2059 2058
note that RADIUS was originally developed by Livingston for their line
of dial-up modem pool products. It has since become an IETF standard
and expanded to meet much more generalized authentication and
authorization requirements.
and (also from the "Term (term->RFC#)" page) standards work
on generalized authentication, authorization and
accounting
Authentication, Authorization and Accounting
see also accounting, authentication, authorization
3588 3539 3127 2989 2977 2906 2905 2904 2903
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Posted by douglas.ross@gmail.com on June 4, 2005, 5:36 am
Yes, LDAP has an objectClass called 'inetOrgPerson'. One of the
attributes of that class is a 509 cert.
See
http://msdn.microsoft.com/library/en-us/adschema/adschema/c_inetorgperson.asp
for info on that objectClass.
---
http://directorblue.blogspot.com
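The LDAP route from the reply above, as an added example that is not code from anyone in the thread: a stdlib-only Python sketch that writes an inetOrgPerson entry carrying a certificate in the `userCertificate;binary` attribute (the attribute RFC 2798 gives inetOrgPerson for this) as LDIF (RFC 2849, one of the RFCs in Lynn's index), then reads it back and checks the DER against a pinned SHA-256 fingerprint, since a directory distributes certificates but does not by itself make them trustworthy. The DN, the names and the DER stand-in are constructed values.

```python
import base64
import hashlib

# Constructed stand-in for a DER-encoded certificate (not a real X.509 blob).
SAMPLE_DER = bytes(range(256)) * 3

def fold(line, width=76):
    """RFC 2849 line folding: continuation lines start with a single space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out

def cert_entry_ldif(dn, cn, sn, der):
    """LDIF for an inetOrgPerson entry. userCertificate;binary holds DER, so LDIF
    base64-encodes it ('::'); cn/sn are assumed ASCII (else RFC 2849 wants base64)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [f"dn: {dn}", "objectClass: inetOrgPerson", f"cn: {cn}", f"sn: {sn}"]
    return "\n".join(lines + fold("userCertificate;binary:: " + b64)) + "\n"

def read_certs(ldif_text):
    """Unfold LDIF and return {dn: der_bytes} for entries with a certificate."""
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # continuation of the previous line
        else:
            logical.append(raw)
    certs, dn = {}, None
    for line in logical:
        if line.startswith("dn: "):
            dn = line[4:]
        elif line == "":
            dn = None  # a blank line ends the entry
        elif line.startswith("userCertificate;binary:: ") and dn:
            certs[dn] = base64.b64decode(line.split(":: ", 1)[1], validate=True)
    return certs

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def fetch_trusted(ldif_text, dn, pinned_sha256):
    """The directory is a distribution point, not a trust anchor: check the
    retrieved DER against an out-of-band fingerprint (or validate its chain
    to a trusted CA) before using the public key inside it."""
    der = read_certs(ldif_text).get(dn)
    if der is None or fingerprint(der) != pinned_sha256:
        raise ValueError(f"no certificate for {dn} matching the pinned fingerprint")
    return der
```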