[kmf-discuss] DN/subjectAltName mapping to username
Nicolas Williams
Nicolas.Williams at sun.com
Thu Dec 20 08:10:46 PST 2007
On Thu, Dec 20, 2007 at 04:58:16PM +0100, Jan Pechanec wrote:
> I think that there might be a not too large set of attributes to
> define a mapping:
>
> - a module name
> - filename for "xxx -> user" mapping if needed
> - ignore case if applicable
Or even fold case to lower case.
> - a few attributes (host, port, password, ...) for a directory-like
> mapper like the LDAP one
I'd like to see an option for searching the directory, but not
necessarily having to specify DS names and port numbers -- the native
LDAP client config should suffice in most cases (similarly, an option
to search Active Directory via LDAP should require naming which DCs/GCs
to use).
What really matters is what schema to use (well, what attribute to
search by and how to encode the search values for it -- public key
fingerprint? cert fingerprint? cert DN? ...).
> - ignore domain if applicable (e.g. mail-to-user mapper)
That could only be OK if the set of trust anchors is narrow enough.
> - algorithm (e.g. digest mapper)
>
> I would definitely be willing to help with the design for this, if
> needed.
Me too!
Nico
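
How the case-folding and ignore-domain options discussed in this thread interact, as an added example that is not part of the original message and is not KMF code: a mail-to-user mapper plus a check that lists usernames claimed by more than one certificate name. The function names, the `local_domain` parameter and the sample addresses are assumptions made up for illustration.

```python
from collections import defaultdict


def map_mail_to_user(addr, fold_case=True, ignore_domain=False,
                     local_domain="example.com"):
    """Map an rfc822Name subjectAltName value to a local username, or None."""
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return None                       # not a usable addr-spec
    if fold_case:
        local = local.lower()             # the "fold case to lower case" option
    # DNS names are case-insensitive, so the domain is always compared folded.
    if not ignore_domain and domain.lower() != local_domain.lower():
        return None                       # domain is checked: foreign names rejected
    return local


def ambiguous_users(addrs, **options):
    """Return {username: sorted distinct certificate names} for every username
    that more than one name maps to under the given mapper options."""
    claims = defaultdict(set)
    for addr in addrs:
        user = map_mail_to_user(addr, **options)
        if user is not None:
            local, _, domain = addr.rpartition("@")
            claims[user].add(f"{local}@{domain.lower()}")
    return {u: sorted(names) for u, names in claims.items() if len(names) > 1}


# Constructed sample: rfc822Name values as they might appear in certificates
# that chain to the configured trust anchors (all names are made up).
SAMPLE_SANS = [
    "alice@example.com",
    "Alice@example.com",
    "alice@EXAMPLE.com",
    "bob@example.com",
    "bob@partner.example",
]

if __name__ == "__main__":
    for opts in ({"fold_case": False},
                 {"fold_case": True},
                 {"fold_case": True, "ignore_domain": True}):
        print(opts, ambiguous_users(SAMPLE_SANS, **opts))
```

An empty result for a given option set means no two certificate names in the sample collapse onto one account; a non-empty result with `ignore_domain=True` is the case where the set of trust anchors is too wide for that option.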