Internet X.509 Public Key Infrastructure LDAPv2 Schema (RFC2587)

IP.com Disclosure Number: IPCOM000003174D
Original Publication Date: 1999-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 6 page(s) / 14K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Boeyen: AUTHOR [+3]

Abstract

The schema defined in this document is a minimal schema to support PKIX in an LDAPv2 environment, as defined in RFC 2559. Only PKIX-specific components are specified here. LDAP servers, acting as PKIX repositories, should support the auxiliary object classes defined in this specification and integrate this schema specification with the generic and other application-specific schemas as appropriate, depending on the services to be supplied by that server.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 19% of the total text.

Network Working Group                                          S. Boeyen
Request for Comments: 2587                                       Entrust
Category: Standards Track                                       T. Howes
                                                                Netscape
                                                              P. Richard
                                                                   Xcert
                                                               June 1999

Internet X.509 Public Key Infrastructure LDAPv2 Schema

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

1. Abstract

The schema defined in this document is a minimal schema to support PKIX in an LDAPv2 environment, as defined in RFC 2559. Only PKIX-specific components are specified here. LDAP servers, acting as PKIX repositories, should support the auxiliary object classes defined in this specification and integrate this schema specification with the generic and other application-specific schemas as appropriate, depending on the services to be supplied by that server.

The key words 'MUST', 'SHALL', 'REQUIRED', 'SHOULD', 'RECOMMENDED', and 'MAY' in this document are to be interpreted as described in RFC 2119.

2. Introduction

This specification is part of a multi-part standard for development of a Public Key Infrastructure (PKI) for the Internet. LDAPv2 is one mechanism defined for access to a PKI repository. Other mechanisms, such as http, are also defined. If an LDAP server, accessed by LDAPv2, is used to provide a repository, the minimum requirement is that the repository support the addition of X.509 certificates to directory entries. Certificate Revocation List (CRL) is one mechanism for publishing revocation information in a repository. Other mechanisms, such as http, are also defined.

This specification defines the attributes and object classes to be used by LDAP servers acting as PKIX repositories and to be understood by LDAP clients communicating with such repositories to query, add, modify and delete PKI information. Some object classes and attributes defined in X.509 are duplicated here for completeness. For end entities and Certification Authorities (CA), ...