
LDAP PKI and PMI Schemas

TrustCoM Project http://www.eu-trustcom.com/. LDAP PKI and PMI Schemas. d.w.chadwick@salford.ac.uk. 3 IDs in the series. Internet X.509 Public Key Infrastructure LDAP Schema for X.509 CRLs <draft-ietf-pkix-ldap-crl-schema-02.txt>

erica-dale

Presentation Transcript


  1. TrustCoM Project http://www.eu-trustcom.com/ LDAP PKI and PMI Schemas d.w.chadwick@salford.ac.uk TrustCoM Project University of Salford

  2. 3 IDs in the series
     • Internet X.509 Public Key Infrastructure LDAP Schema for X.509 CRLs <draft-ietf-pkix-ldap-crl-schema-02.txt>
     • Internet X.509 Public Key Infrastructure LDAP Schema for X.509 Attribute Certificates <draft-ietf-pkix-ldap-ac-schema-01.txt>
     • Internet X.509 Public Key Infrastructure LDAP Schema for X.509 Certificates <draft-ietf-pkix-ldap-pkc-schema-00
     ALL DESTINED FOR INFORMATIONAL RFCS

  3. Attribute Extraction
     [Diagram labels: CA/AA; X.509 attribute; XPS server; LDAP directory; Search for Att 1.. Att i; Return Att1, Att2…Att n]

  4. The DIT Structure
     • PKCs and ACs are held in child entries
     • CRLs are held in child subtrees
     [Diagram labels: dc=com; dc=myorg; ou=My CA; ou=people; CRL; AC containing roles; cn=my entry; Encryption PKC; CRL entries; Signing PKC; serialno=nnnn + issuer=‘ou=MyCA,dc=myorg,dc=com’]

  5. Implementation Details
     • Implemented in OpenLDAP 2.2.11 and newer
     • Code is not in the main branch yet since it's being reviewed by OpenLDAP programmers

  6. LDAP Client view of XPS

  7. Way Forward
     • Latest versions
       • Added IANA considerations and acks, re-arranged object classes, aligned all 3 IDs, minor corrections
     • Outstanding Issues
       • None
     • WG Last Call ?? Is it needed for an Inf RFC
     • Ready to go now

  8. Other LDAP work
     • V3 Profile
