
agenda for IETF LDAPEXT meeting

Dear all, although I cannot attend, there seem to be some major areas
that I would like addressed in LDAP and its security regimes.

Specifically, we have a range of authentication techniques, and
certificate-based systems are available for TLS/SASL, X.509, etc.
What I would like to see is how we do user-service authentication and
trusted directory operations (with signed operations) and how these are
propagated into (X.500) distributed directories, i.e. signed DAP can be
enveloped into signed DSP so one can have a user/trust-to-service regime
- and once the user has authenticated and applied ops to the service,
the service through its trusted DSP interfaces can "envelope" and
propagate that trust within the system.

The two areas that have holes IMHO in LDAP are a) the LDAP/TLS
authentication, i.e. the magic between TLS/X.509 user authentication and
cert verification and how LDAP environments support that, specifically if
the user is a mobile user - and b) dealing with signed LDAP in a way that
can be propagated as a trusted and vetted protocol in a distributed
directory service - as per signed DAP and DSP.

All thoughts would be welcome.

Regards, Alan