Q: I'm curious what you're doing because I never saw attribute certs widely used in practice.

R: Years ago, we created an XACML server that is RBAC profile compliant: https://projects.ow2.org/view/authzforce/.

Question is: how do you represent roles, especially in a security-critical context such as the one I work in? For such a matter, attribute certs might be an answer: signature, delegation, etc. Also usable for security clearances, etc.

Feel free to ask if you need more info on this.


BTW, I will look again into pmi.[schema|ldif], but I could not find attribute certificates at first. It seems to me that it only provides the PMI (= Privilege Mgmt Infra., the equivalent of a PKI for id certs) schema.

Best,

P

On 20/10/2022 17:24, Michael Ströder wrote:
On 10/20/22 12:14, Pascal Jakobi wrote:
I am looking for an RFC 5755 (attribute certificates profile) schema file.

I thought it was in pmi.schema, but it appears not, unless I am missing something.

AFAICS pmi.schema is indeed what you're looking for.

Note that RFC 5755 defines the X.509 certificate profile and not an LDAP schema.

BTW: I'm curious what you're doing because I never saw attribute certs widely used in practice.

Ciao, Michael.
