The CA demo site at http://www.x509.com has always been using
LDAP/SSL-LDAP as the basis for its PKI.
We have solved the access issues by using SSL LDAP and incorporating
client authentication with the native ACL mechanisms in the Umich
implementation.
The beauty is that you can have a context-sensitive PKI (and for that
matter, object distribution) by basing the results of the LDAP query
on some portion of the connecting client DN, which is "guaranteed" by the
use of strong authentication.
Pat Richard
patr@x509.com
>
> >
> > Any helpful hints/pointers gratefully received!
> >
> > Tim Dean
> > DRA-Malvern
> > UK
> >
>
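The idea in the message above, choosing what an LDAP query returns from the DN the client proved over SSL client authentication, shown as an added example. It is not part of the original message and is not the Umich server's ACL syntax: the policy table, directory entries and function names are all constructed for illustration. It compares DNs one RDN at a time, since a plain string-suffix test would accept a DN that merely ends with the right characters.

```python
import re

# Constructed policy: client subtree -> readable attributes, most specific first.
ACL = [
    ("ou=Engineering,o=Example Corp,c=US", {"cn", "mail", "usercertificate"}),
    ("o=Example Corp,c=US", {"cn", "mail"}),
]
DEFAULT_ATTRS = {"cn"}  # any other authenticated client

# Constructed directory content.
DIRECTORY = {
    "cn=Alice,ou=Engineering,o=Example Corp,c=US": {
        "cn": "Alice", "mail": "alice@example.com",
        "usercertificate": "<certificate placeholder>"},
}

def parse_dn(dn):
    """Return the DN as a list of lower-cased (type, value) RDNs, leaf first.

    Simplified: honours backslash-escaped commas, but not multi-valued
    RDNs or escaped backslashes. Case-insensitive matching is assumed."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def under_subtree(client_dn, base_dn):
    """True if client_dn equals or sits below base_dn, compared RDN by RDN."""
    client, base = parse_dn(client_dn), parse_dn(base_dn)
    return len(client) >= len(base) and client[len(client) - len(base):] == base

def visible_attrs(client_dn):
    """Attributes this client may read; first matching ACL rule wins."""
    for base, attrs in ACL:
        if under_subtree(client_dn, base):
            return attrs
    return DEFAULT_ATTRS

def search(client_dn):
    """Return every entry, trimmed to what the authenticated DN may see."""
    allowed = visible_attrs(client_dn)
    return {dn: {k: v for k, v in entry.items() if k in allowed}
            for dn, entry in DIRECTORY.items()}
```

The `client_dn` argument must be the subject DN taken from the certificate the SSL layer verified, never a value the client supplies in the request.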