be confused with standalone LDAP authentication-only services during
enterprise planning.
External Authentication
Authentication can also be performed against an external source using
public-key cryptographic digital signatures, which employ a trusted
certificate authority such as Thawte or Verisign, in order to validate a request
that has been digitally signed using the requestor's private key. When a
signed request is made, the requested service validates the public signature
with the certificate authority. The certificate authority, in turn, identifies
the request as valid.
Authentication Standards
Many different protocols and standards exist for network authentication.
These standards may employ internal or external databases of known
identities, or they may make use of network information or other
endpoint data to validate requests for service connectivity. Many different
vendors provide their own proprietary authentication solutions, but most
solutions conform to one or more of the common standards:
Lightweight Directory Access Protocol. Derived from the X.500
standards, LDAP is a commonly adopted authentication protocol
in solutions of up to 500,000 identities per database. Free and open
software (FOSS) and commercial off-the-shelf (COTS) directory
services expose LDAP interfaces in order to facilitate system
interconnectivity, and LDAP management is critical to efforts at
developing heterogeneous service-oriented architecture solutions and many
single-sign-on (SSO) services. Unless LDAP is implemented in a
blended fashion, as in the Microsoft Active Directory, it is solely
an authentication protocol and does not include access control
mechanisms.
X.500 Standards. The X.500 suite includes several directory
protocols, such as the Directory Access Protocol (DAP), Directory System
Protocol (DSP), Directory Information Shadowing Protocol (DISP),
and other similar protocols addressing fundamental or large-scale