NT 5.0 will be able to authenticate users who present X.509 version 3 certificates instead of a user name and password. Once the server validates the certificate and establishes its connection with a known and trusted certificate authority, Active Directory will map the certificate to a domain user account. Multiple certificates will be able to share the same account. The domain account will then determine, through its group membership, the user's access rights to system resources. For example, a company wishing to grant certain access rights to individuals employed by a business partner can do so by mapping their certificates to a single domain account created for that specific purpose. It isn't necessary to create user accounts for each outside individual. NT 5.0 and Internet Information Server 4.0 will also include the Microsoft Certificate Server for issuing and managing X.509 certificates. The server will be able to receive requests over such transports as HyperText Transport Protocol (HTTP), remote procedure call (RPC), and email, and check the request against custom-made policies. The server will also allow administrators to update and publish certificate revocation lists (CRLs).
|
|
|
|
|
|
|
|