Securing IT Resources with Digital Certificates and LDAP

Abstract

Digital Certificates, developed to facilitate electronic commerce, may serve as a next-generation authentication mechanism for a variety of technology resources, including Web-based, client/server, and legacy applications. University Management Systems at the University of Colorado has been researching public key infrastructures (PKIs) as a fabric for deploying digital signatures and implementing enterprise security. This new security infrastructure is pivotal to several emerging Internet standards, including electronic commerce (SET), secure wide-area networking (S/WAN), digital signatures and encrypted e-mail (S/MIME), basic Web authentication using SSL, crypto-cards, Java security APIs, Netscape's CDSA, and others. This paper discusses issues in using digital certificates for Web and client/server authentication, using LDAP for storing authentication and authorization information, integration with legacy architectures, policy and implementation issues, and the overarching strategy of this approach.
