Re: [Jsdsi-devel] Changes on LDAP schema
From: Sameer A. <aj...@cs...> - 2004-02-26 15:19:08
Luis, I checked the web, and I realized that I was mistaken: I thought "cn" was "canonical name" (which implies that it's unique and required), but it's actually "common name" (which can be optional and non-unique). So what you suggest is probably fine for the "cn" attribute.

However, then I suggest the hash of the certificate be available in another attribute. I think this hash would be the perfect value for the OID: it's unique to each certificate, and it's deterministic, meaning a server can detect if someone attempts to insert the same cert twice (it can't do this if the OID is a random number).

Sameer

>> I would like to change the attribute 'cn'. I think that 'cn' should be
>> a clear string which identifies the cert and is optional. Storing
>> a cert will never be a problem, but imagine that somehow the user
>> wants to get the cert to do something with it, outside jsdsi scope.
>> How can he get the cert? Through a hash could be complicated; the easy
>> way is to use a string, for ex: "cert.1". Why optional? Because if the
>> user wants to associate his cert to an ldap user then the 'cn' won't
>> make sense, because, on ldap, users' names have a 'cn' attribute and
>> getting the cert will also be easy. My idea for the 'cn' attribute is
>> when sdsi certs are used with no association whatsoever. Another way
>> is to continue using 'cn' as before and make the users use the
>> selectors to get the certs, which, btw, is what Sun does with
>> X509CertSelector. But in both ways I think that it should be optional.
>>
>> What do u think?
>>
>> I don't know if u're familiar with ldap. On an ldap server, attributes and
>> object classes are identified by a unique numeric number (OID); these
>> numbers are registered, to prevent collisions of numbers. For now I'm
>> using a random number, but later jsdsi attributes and object classes
>> could be registered; the registration is free.
>>
>> -- Luis Pedro

http://ajmani.net
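
Added example, not part of the original thread or of the JSDSI code: a sketch of the duplicate-detection argument in the reply above, comparing an entry named by the certificate's hash with one named by a random identifier. The `certId` attribute, the base DN, the choice of SHA-256 and the sample certificate bytes are all assumptions made for illustration.

```python
import hashlib
import secrets

class EntryAlreadyExists(Exception):
    """Mirrors LDAP result code 68 (entryAlreadyExists) for a duplicate DN."""

def cert_hash(cert_bytes: bytes) -> str:
    # Assumption: cert_bytes is the certificate's canonical encoding, so the
    # same certificate always produces the same bytes. SHA-256 is our choice.
    return hashlib.sha256(cert_bytes).hexdigest()

class Directory:
    """Toy in-memory stand-in for an LDAP subtree: at most one entry per DN."""
    BASE = "ou=certs,dc=example,dc=org"  # constructed base DN

    def __init__(self):
        self.entries = {}

    def _add(self, cert_id, cert_bytes, cn):
        dn = f"certId={cert_id},{self.BASE}"  # certId: hypothetical attribute
        if dn in self.entries:
            raise EntryAlreadyExists(dn)
        self.entries[dn] = {"cert": cert_bytes, "cn": cn}
        return dn

    def add_by_hash(self, cert_bytes, cn=None):
        # Deterministic name: re-inserting the same cert lands on the same DN.
        return self._add(cert_hash(cert_bytes), cert_bytes, cn)

    def add_by_random_id(self, cert_bytes, cn=None):
        # Random name: the directory cannot tell that the cert is a repeat.
        return self._add(secrets.token_hex(16), cert_bytes, cn)

    def find_by_cn(self, cn):
        # cn is an optional, non-unique label, so a search may match many DNs.
        return sorted(dn for dn, e in self.entries.items() if e["cn"] == cn)

def demo():
    cert = b"(cert (issuer alice) (subject bob))"  # constructed sample bytes
    hashed, rand = Directory(), Directory()
    hashed.add_by_hash(cert, cn="cert.1")
    for _ in range(2):
        rand.add_by_random_id(cert, cn="cert.1")
    try:
        hashed.add_by_hash(cert, cn="cert.1")
        rejected = False
    except EntryAlreadyExists:
        rejected = True
    return rejected, len(hashed.entries), len(rand.entries)

if __name__ == "__main__":
    print(demo())
```

The hash only deduplicates if every client hashes the same byte encoding of a certificate; two encodings of one certificate would produce two entries.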