Modifying LDAP to Support X.509-based PKIs
Abstract
One of the impediments to a successful rollout of X.509-based public key infrastructures (PKIs) is that LDAP directories do not fully support PKIs. In particular, it is not possible to search for X.509 attributes (certificates or CRLs) that match user-defined criteria. This paper describes the various approaches that have been suggested for enabling users to search for X.509 attributes, namely component matching and attribute extraction. The implementation of attribute extraction in the OpenLDAP product is then described.
Similar resources
Internet - Draft Ldap X
This document describes schema for representing X.509 certificates, X.521 security information, and related elements in directories accessible using the Lightweight Directory Access Protocol (LDAP). The LDAP definitions for these X.509 and X.521 schema elements replace those provided in RFC 2252 and RFC 2256. 1. Background and Intended Use This document provides LDAP [Roadmap] schema definitio...
Expires in six months 11 February 2005
This document describes schema for representing X.509 certificates, X.521 security information, and related elements in directories accessible using the Lightweight Directory Access Protocol (LDAP). The LDAP definitions for these X.509 and X.521 schema elements replace those provided in RFC 2252 and RFC 2256. 1. Background and Intended Use This document provides LDAP [Roadmap] schema definitio...
Reflecting on X.509 and LDAP, or How separating identity and attributes could simplify a PKI
X.509 certificates can be used to store attributes about their owner, and so can on-line directory systems such as LDAP. In this paper we explore the option of putting little or no data in the certificate itself, and all data in LDAP databases. We show how this approach completely changes the role of the Registration Authority, resulting in a more flexible PKI. In particular it leads to a way to ...
Oracle Identity Management: Integration with Windows
INTRODUCTION Oracle Identity Management is an integrated, scalable and robust identity management infrastructure. Oracle Identity Management includes an LDAP directory service, directory integration and provisioning services, a delegated administration service application, authentication and authorization services, and an X.509 V3 certificate authority. Key benefits of Oracle Identity Managemen...
RBAC Policies in XML for X.509 Based Privilege Management
This paper describes a role based access control policy template for use by privilege management infrastructures where the roles are stored as X.509 Attribute Certificates in an LDAP directory. There is a brief description of the X.509 privilege management model, and how it can be used to implement RBAC. Policies that conform to the template are written in XML, and the template is specified as ...
Publication date: 2003