Date: Mon, 31 Jan 2011 16:24:38 +0200
Subject: Re: Ldap for CRL
From: Alex Karasulu
To: users@directory.apache.org

Hi Jorge,

On Mon, Jan 31, 2011 at 4:12 PM, Jorge Infante Osorio wrote:

> Hi all.
> I want to know if I can use ApacheDS as a CDP for certificate list
> management.

Right now the directory is, as you know, the ideal place to store X509 certificates. This is the only function we provide presently. As a thin layer, a CA can easily sit on top of the directory. There's probably a schema or draft available to manage revocation lists in the DIT.

Besides this, custom (extended) operations can be provided, but the only one we've experimented with is a create certificate function. Other extension mechanisms are also available, like a specific protocol handler in the network layer (MINA) that handles the network part of the CDP protocol and accesses the DIT to manage certificates.

HTH,

--
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
To set up a meeting with me: http://tungle.me/AlexKarasulu