Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 17439 invoked from network); 31 Jan 2011 15:15:28 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 31 Jan 2011 15:15:28 -0000 Received: (qmail 78772 invoked by uid 500); 31 Jan 2011 15:15:28 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 78571 invoked by uid 500); 31 Jan 2011 15:15:25 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 78562 invoked by uid 99); 31 Jan 2011 15:15:24 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 31 Jan 2011 15:15:24 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jorgeio@uci.cu designates 200.55.140.180 as permitted sender) Received: from [200.55.140.180] (HELO mx3.uci.cu) (200.55.140.180) by apache.org (qpsmtpd/0.29) with SMTP; Mon, 31 Jan 2011 15:15:18 +0000 Received: (qmail 13271 invoked by uid 507); 31 Jan 2011 15:14:52 -0000 Received: from 10.0.0.184 by ns3.uci.cu (envelope-from , uid 501) with qmail-scanner-2.01st (avp: 5.0.2.0. spamassassin: 3.0.6. perlscan: 2.01st. Clear:RC:1(10.0.0.184):. Processed in 0.784308 secs); 31 Jan 2011 15:14:52 -0000 Received: from unknown (HELO ucimail3.uci.cu) (10.0.0.184) by 0 with SMTP; 31 Jan 2011 15:14:51 -0000 Received: from localhost (localhost.localdomain [127.0.0.1]) by ucimail3.uci.cu (Postfix) with ESMTP id 181DE1E8C029 for ; Mon, 31 Jan 2011 10:14:51 -0500 (CST) X-Virus-Scanned: amavisd-new at uci.cu Received: from ucimail3.uci.cu ([127.0.0.1]) by localhost (ucimail3.uci.cu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id psi1vY+wgqJJ; Mon, 31 Jan 2011 10:14:47 -0500 (CST) Received: from CASAF (casaf.uci.cu [10.36.30.46]) by ucimail3.uci.cu (Postfix) with ESMTP id B41701E8C01C for ; Mon, 31 Jan 2011 10:14:47 -0500 (CST) From: "Jorge Infante Osorio" To: References: In-Reply-To: Subject: RE: Ldap for CRL Date: Mon, 31 Jan 2011 10:14:47 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQJ/Y9T24l6nUYnJkDRn+p9BdakwywG0tF35knY4e7A= Content-Language: es X-Virus-Checked: Checked by ClamAV on apache.org Hi Alex. -----Mensaje original----- De: akarasulu@gmail.com [mailto:akarasulu@gmail.com] En nombre de Alex Karasulu Enviado el: lunes, 31 de enero de 2011 9:25 Para: users@directory.apache.org Asunto: Re: Ldap for CRL Hi Jorge, On Mon, Jan 31, 2011 at 4:12 PM, Jorge Infante Osorio wrote: > Hi all. > I want to know if I can use ApacheDS as a CDP for certificate list > management. > > Right now the directory as you know the ideal place to store X509 certificates. This is the only function we provide presently. As a thin layer a CA can easily sit on top of the directory. There's probably a schema or draft available to manage revocation lists in the DIT. Besides this custom (extended) operations can be provided but the only one we've experimented with is a create certificate function. Other extension mechanisms are also available, like a specific protocol handler in the network layer (MINA), that handles the network part of the CDP protocol, and accesses the DIT to manage certificates. Can you point me out some other Ldap implementation that offers this functionalities. ?? We have a CA and we are searching the way of management the revocation certificate list for the portal users of our system. Jorge. HTH, -- Alex Karasulu My Blog :: http://www.jroller.com/akarasulu/ Apache Directory Server :: http://directory.apache.org Apache MINA :: http://mina.apache.org To set up a meeting with me: http://tungle.me/AlexKarasulu