> 
> The HTTP gateway would be ok if it:
> 
>     1) Used the user's certificate to bind to the directory (for access control)

Bill,
to do access control one should use private key knowledge, not just
having a certificate. Probably users will not release their private keys.

>     2) Would allow viewing of objects and attributes without having to program
> them into the interface.

One can build a trusted application that requires client certificates at
SSL handshake to authenticate the connected client. The directory should trust
data extracted from the client's certificate by the application (gateway).
I can't imagine another way except a really smart client capable of decoding
the directory's answer with his private key. Going this way, one can use
instructions, signed with the user's private key, to modify the directory that
the client is capable of producing and the server of understanding. I'm not sure
such a directory (or gateway) and client software exist.

Vadim Fedukovich

> The HTTP gateways that I am familiar with fail in both cases.  Either the
> gateway binds to the directory or the user has to provide a password to bind.
> The gateway has to be preprogrammed to understand and display directory
> objects and attributes. (I understand that any client would have to do this to
> some extent.)
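
The arrangement described in the reply above (the gateway demands a client certificate at the SSL handshake, and the directory trusts the identity the gateway extracts from it), as an added example that is not part of the original messages. Function names, file paths and the sample subject are assumptions constructed for illustration; the escaping follows RFC 4514 so that a crafted subject value cannot add RDNs to the identity the directory is asked to trust.

```python
import ssl

# Short names (RFC 4514) for attribute types as ssl.getpeercert() reports them.
SHORT_NAMES = {"commonName": "CN", "organizationalUnitName": "OU",
               "organizationName": "O", "localityName": "L",
               "stateOrProvinceName": "ST", "countryName": "C"}

def gateway_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Server context that aborts the handshake unless the client proves
    possession of the private key for a certificate the gateway trusts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:       # hypothetical path: CA that issues user certificates
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:     # hypothetical paths: the gateway's own certificate/key
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def escape_value(value):
    """Escape one attribute value for use inside a DN string (RFC 4514)."""
    if not value or any(ord(c) < 0x20 for c in value):
        raise ValueError("empty value or control character in subject")
    last = len(value) - 1
    out = []
    for i, c in enumerate(value):
        special = (c in '"+,;<>\\' or (i == 0 and c in " #")
                   or (i == last and c == " "))
        out.append("\\" + c if special else c)
    return "".join(out)

def subject_to_dn(peercert):
    """Map the verified certificate subject to the DN the gateway presents
    to the directory. Unknown attribute types are rejected, not guessed."""
    rdns = []
    for rdn in peercert["subject"]:
        parts = []
        for attr, value in rdn:
            if attr not in SHORT_NAMES:
                raise ValueError("unmapped subject attribute: " + attr)
            parts.append(SHORT_NAMES[attr] + "=" + escape_value(value))
        rdns.append("+".join(parts))
    if not rdns:
        raise ValueError("certificate has no subject")
    return ",".join(reversed(rdns))  # DN strings list the last RDN first

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE = {"subject": ((("countryName", "UA"),),
                      (("organizationName", "Example Org"),),
                      (("commonName", "Test User"),))}
```

In a running gateway, `subject_to_dn(conn.getpeercert())` would be called on the accepted connection only after the handshake has succeeded.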
