Re: Using ldap with x.509, why?
From: Lassi Hippeläinen (lahippel_at_ieee.orgasm-research.invalid)
Date: 12/17/03
Date: Wed, 17 Dec 2003 17:06:42 GMT
iksrazal wrote:
>
> Currently we have one web service, with only one user, in which the
> client puts X.509 certificates directly in the SOAP message. The web
> service validates the message. So far so good.
>
> We are looking at supporting perhaps 10 clients. We think perhaps a
> more scalable solution is to put the certificate, serial number, cn
> etc in ldap.
>
> Could someone please explain the advantage of putting the certificate
> in ldap, as opposed to putting the cert directly in the message?
>
> Any response greatly appreciated.
> iksrazal

With a central repository cert management is easier. Besides, it saves
bandwidth. If you put only the URL of the cert in the message, it will
be much shorter.

Usually central LDAP servers are the solution for zillions of users. But
you must make sure that the server side is available when you need it,
i.e. you need two redundant copies. With only ten clients I wonder if
it's worth it...

-- Lassi