RE: [Jsdsi-devel] JSDSI plan

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Sameer, 

I like to put the schema to discussion.

In my project i see the ldap server just as a repository for certs and
because of this i don't have certs associated with users like it usual with
X509 certs. Of course that anyone can make that association if it like but
as to follow the schema.

Here is the schema that i'm using:

 cn (common name for the cert), u can see this as a unique name;
 javaSerializedObject (sdsi cert), i think that is the best way to represent
the certs,
 issuerPubKey (issuer public key)
 subjectPubKey (subject public key)
 name (name)  

The attribute 'name' can be used as optional(if the certs are AuthCerts,
doens't make sense the use of this). issuerPubKey and subjectPubKey are
needed to perform searchs with the currently selectors (Auth, Subject,
Compatible, Name), without having to desserialize the cert.

I think that the certs should be searched on the ldap without getting all to
an object like a MultiMap to apply the selectors.

The 'javaSerializedObject' could, also be an attribute with other name where
is content would be an encoded sdsi cert. 

   -- Luis Pedro