[kmf-discuss] initial mappers for cert-to-name mapping
Jan Pechanec
Jan.Pechanec at Sun.COM
Mon Feb 25 07:08:11 PST 2008
hi,
before going into more details, I would like to suggest two mappers
that we could provide during the first phase, and outline how we could use
them:
subject CN mapper - a simple mapper that would take CN from
the certificate Subject. The CN would be taken as is.
altSubject mapper - this mapper could map a certificate to a name
from different parts according to the configuration:
rfc822Name mapper-settings="email"
- plus some attribute(s) to suggest what to do with the
@xxx.yy domain name
dNSName mapper-settings="dns"
- for host certificates, for example
iPAddress mapper-settings="ip"
- for host certificates when used with IP address only
directoryName mapper-settings="dirname"
- additional config words would specify what to use then,
"cn" or "uid", for example
any thoughts on that?
J.
--
Jan Pechanec
More information about the kmf-discuss
mailing list