Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)

[Russ Housley <housley@xxxxxxxxxxxx>]

Tim:

I do not understand how a client is better off with multiple ways to put 
the same information in the Directory.  Doesn't this approach just make the 
client fat?  It seem to me that the client would have to support all of the 
possible ways that the information could be stored.  It cannot know which 
method it will encounter until it starts looking at data in the Directory.

Russ


At 03:14 PM 1/6/2003 -0500, Timothy Hahn wrote:
> Hello all,
>
> After listening to the different view-points on this topic, it seems to me
> that there are multiple valid approaches.  These approaches include, but
> are not limited to:
>   - leveraging the general solution of component-matching
>   - new schema to support application-managed componentization of
> information to make things searchable
> as well as others (additional matching rules, for example).
>
> It occurs to me that perhaps we have a situation where "one size does not
> fit all".  Why not accept this and define a way for applications to
> determine which (of possibly multiple) format(s) has been used to place the
> information into the directory?  We could define some small bit of schema
> which indicates the way in which the certificate information is placed into
> the directory, then different applications could query this and determine:
>   - whether they can use the data at all
>   - if they can use the data, how they can best use it (if there are, for
> example, multiple mechanisms employed).
>
> Just a thought to get us through this discussion.
>
> Regards,
> Tim Hahn