Reflecting on X.509 and LDAP, or How separating identity and attributes could simplify a PKI

  • Jeroen van
  • Published 2004
X.509 certificates can be used to store attributes about their owner, and so can on-line directory systems such as LDAP. In this paper we explore the option of putting little or no data in the certificate itself, and all data in LDAP databases. We show how this approach completely changes the role of the Registration Authority, resulting in a more flexible PKI. In particular it leads to a way to implement Single Sign On, allowing hosting organizations to fully specify and modify access control…


