michael ströderdate: 19.09.00slide 1 datei:...
TRANSCRIPT
![Page 1: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/1.jpg)
Michael Ströder Date: 19.09.00 Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
web2ldap
Personal info Michael Ströder Freelancer Focus on PKI / LDAP
Presentation of PKI features in http://web2ldap.de
![Page 2: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/2.jpg)
Michael Ströder Date: 19.09.00 Slide 2 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Overview
Intro Features Limitations Enhancements Demo / Discussion
![Page 3: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/3.jpg)
Michael Ströder Date: 19.09.00 Slide 3 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Intro
Started in diploma thesis Simple search and download tool for
certificates stored on LDAP server Add / modify entries
![Page 4: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/4.jpg)
Michael Ströder Date: 19.09.00 Slide 4 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Features (1)
Stand-alone or through CGI of web server on Unix and Windows
Best viewed with any browser (CSS for formatting)
Handling of NON-ASCII character sets
![Page 5: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/5.jpg)
Michael Ströder Date: 19.09.00 Slide 5 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Features (2)
Many output formats for exports (LDIF, vCard, DSML)
Customization possible but reasonable defaults
![Page 6: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/6.jpg)
Michael Ströder Date: 19.09.00 Slide 6 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Features (3) - PKI
Many different standards for storing certificates in directory
Directory server itself is not trustworthy
Display and handle certificates directly instead storing many certificate-related attributes
![Page 7: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/7.jpg)
Michael Ströder Date: 19.09.00 Slide 7 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Limitations
Uses python-ldap module built with OpenLDAP 1.2.x libs limited to LDAPv2
WWW-Interface (stateless HTTP)
![Page 8: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/8.jpg)
Michael Ströder Date: 19.09.00 Slide 8 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Road Map
Web session managment(passwords, re-use LDAP connections)
LDAPv3 (Referrals, Schema) Improve exports (DSML, vCard) Advanced Authentication Schemes
(Kerberos, SASL)
![Page 9: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/9.jpg)
Michael Ströder Date: 19.09.00 Slide 9 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Ideas
Complete certificate validation DSML engine Windowing GUI with wxWindows
(Windows and Unix)
![Page 10: Michael StröderDate: 19.09.00Slide 1 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd web2ldap Personal info Michael Ströder](https://reader036.vdocuments.net/reader036/viewer/2022083006/56649f315503460f94c4d40c/html5/thumbnails/10.jpg)
Michael Ströder Date: 19.09.00 Slide 10 Datei: /home/michael/Bizness/SURFnet/web2ldap_presentation_TF-LSD.sdd
Discussion
Required features?Referrals, GUI
Authentication Schemes (Kerberos, vs. SASL), Encryption (LDAPS vs. STARTTLS)
Let's browse your favourite LDAP server! (preferrably with certs ;-)