Re: Using ldap with x.509, why?
From: Rowdy Yates (rowdy.yates_at_no-spam-please.com)
Date: 12/20/03
- Previous message: Rowdy Yates: "Re: PGP versus the Outlook built in secure mail?"
- In reply to: Lassi Hippeläinen : "Re: Using ldap with x.509, why?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 20 Dec 2003 14:36:49 GMT
Lassi Hippeläinen <lahippel@ieee.orgasm-research.invalid> wrote in
news:3FE08D45.91E51480@ieee.orgasm-research.invalid:
> iksrazal wrote:
>>
>> Currently we have one web service, with only one user, in which the
>> client puts X.509 certificates directly in the SOAP message. The web
>> service validates the message. So far so good.
>>
>> We are looking at supporting perhaps 10 clients. We think perhaps a
>> more scalable solution is to put the certificate, serial number, cn
>> etc in ldap.
>>
>> Could someone please explain the advantage of putting the certificate
>> in ldap, as opposed to putting the cert directly in the message?
>>
>> Any response greatly appreciated.
>> iksrazal
>
> With a central repository cert management is easier. Besides, it saves
> bandwidth. If you put only the URL of the cert in the message, it will
> be much shorter.
>
> Usually central LDAP servers are the solution for zillions of users. But
> you must make sure that the server side is available when you need it,
> i.e. you need two redundant copies. With only ten clients I wonder if
> it's worth it...
>
> -- Lassi
>
good reply Lassi.
- Previous message: Rowdy Yates: "Re: PGP versus the Outlook built in secure mail?"
- In reply to: Lassi Hippeläinen : "Re: Using ldap with x.509, why?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
