DEFICIENCIES IN LDAP WHEN USED TO SUPPORT PKI.

Saved in:
Bibliographic Details
Title: DEFICIENCIES IN LDAP WHEN USED TO SUPPORT PKI.
Authors: Chadwick, David1 d.w.chadwick@salford.ac.uk
Source: Communications of the ACM. Mar2003, Vol. 46 Issue 3, p99-104. 6p.
Subjects: Directory services (Computer network technology), Internet, Information technology, Public key infrastructure (Computer security), Computer network protocols
Abstract: The lightweight directory access protocol (LDAP) is the Internet standard way of accessing directory services that conform to the X.500 data model. It is very widely supported by all the leading software vendors and is part of Windows 2000 Active Directory. There are two versions of LDAPv2, the original lightweight variation of the X.500 Directory Access Protocol (DAP); and LDAPv3, the heavyweight version. While the DAP was designed from its inception to support public-key infrastructures (PIUs), being part of the same X.500 family of standards as X.509, LDAP was not designed with this support in mind. LDAP has, however, become the predominant protocol in support of PIUs accessing directory services for certificates and certificate revocation lists (CRLs), but because of its lineage, it has some deficiencies.
Database: Engineering Source
Description
Abstract:The lightweight directory access protocol (LDAP) is the Internet standard way of accessing directory services that conform to the X.500 data model. It is very widely supported by all the leading software vendors and is part of Windows 2000 Active Directory. There are two versions of LDAPv2, the original lightweight variation of the X.500 Directory Access Protocol (DAP); and LDAPv3, the heavyweight version. While the DAP was designed from its inception to support public-key infrastructures (PIUs), being part of the same X.500 family of standards as X.509, LDAP was not designed with this support in mind. LDAP has, however, become the predominant protocol in support of PIUs accessing directory services for certificates and certificate revocation lists (CRLs), but because of its lineage, it has some deficiencies.
ISSN:00010782
DOI:10.1145/636772.636778