LDAP PKI and PMI Schemas
TrustCoM Project

http://www.eu-trustcom.com/

TrustCoM Project University of Salford


3 IDs in the series

  • Internet X.509 Public Key Infrastructure LDAP Schema for X.509 CRLs <draft-ietf-pkix-ldap-crl-schema-02.txt>

  • Internet X.509 Public Key Infrastructure LDAP Schema for X.509 Attribute Certificates <draft-ietf-pkix-ldap-ac-schema-01.txt>

  • Internet X.509 Public Key Infrastructure LDAP Schema for X.509 Certificates <draft-ietf-pkix-ldap-pkc-schema-00

ALL DESTINED FOR INFORMATIONAL RFCS

Attribute Extraction

[Diagram: CA/AA, XPS server and LDAP directory. Labels: "Search for Att 1.. Att i"; "Return X.509 attribute"; "Att1, Att2…Att n"]

The DIT Structure

  • PKCs and ACs are held in child entries

  • CRLs are held in child subtrees

[Diagram: DIT. Labels: dc=com; dc=myorg; ou=My CA; ou=people; CRL; CRL entries; cn=my entry; AC containing roles; Encryption PKC; Signing PKC; serialno=nnnn + issuer=‘ou=MyCA,dc=myorg,dc=com’]
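
The multi-valued RDN on the slide carries the issuer's DN as an attribute value, so its commas have to be escaped (RFC 4514) or the entry name parses into the wrong number of RDNs. The sketch below is an added example, not code from the presentation or from OpenLDAP; `serialno` and `issuer` are the slide's attribute names, and the parent DN and serial number are constructed from the diagram labels.

```python
SPECIALS = '"+,;<>\\'  # characters RFC 4514 requires escaping inside a value


def escape_value(value):
    """Escape an attribute value for use inside an RDN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIALS:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)  # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def split_unescaped(text, sep):
    """Split on sep, treating a backslash plus the next character as one unit."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
        elif text[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(text[i])
            i += 1
    parts.append("".join(cur))
    return parts


def child_dn(parent_dn, serial, issuer_dn):
    """Name a certificate child entry by serial number plus issuer DN."""
    rdn = "serialno=%d+issuer=%s" % (serial, escape_value(issuer_dn))
    return rdn + "," + parent_dn


# Constructed sample values, assumed from the diagram labels.
PARENT = "cn=my entry,ou=people,dc=myorg,dc=com"
ISSUER = "ou=MyCA,dc=myorg,dc=com"
DN = child_dn(PARENT, 1234, ISSUER)

if __name__ == "__main__":
    print(DN)
    print(split_unescaped(DN, ","))
```

Without the escaping, the same name splits into seven comma-separated components instead of five, and the issuer's `dc=myorg` and `dc=com` are read as ancestors of the entry.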

Implementation Details

  • Implemented in OpenLDAP 2.2.11 and newer

  • Code is not in the main branch yet since it's being reviewed by OpenLDAP programmers

LDAP Client view of XPS

Way Forward

  • Latest versions

    • Added IANA considerations and acks, re-arranged object classes, aligned all 3 IDs, minor corrections

  • Outstanding Issues

    • None

  • WG Last Call? Is it needed for an Informational RFC?

  • Ready to go now

Other LDAP work

  • V3 Profile
