Extranet authentication with a PKI

Extranet authentication with a PKI: Posted by Oriane on January 22nd, 2004; Hi everybody,

I'm would like to know the best solution to authenticate students who could
connect from their own private PC at home on their school Web site. The
school will use AD 2000 or 2003, and would potentially use a PKI.

If we suppose that this PKI is based on the service "certificates services",
I consider using the following method on a 2003 Server:

"PKI-based Authentication over SSL/TLS

Using any CA, the Windows Server 2003 Active Directory will allow a user's
X.509 certificate to map directly to the user's account in the Active
Directory. This is accomplished without having to export or import
individual certificates, or provide user names and passwords. Certificate
mapping through the s-channel Security System Provider Interface (SSPI) may
be used by applications such as Internet Information Server, Commerce
Server, remote access services and many others."

Do you think this is the best solution for mapping certificate and a
security principal in AD for an extranet ?

If the school choose a Windows 2000 AD, the mapping is no more automatic. So
can an administrator handle this type of mapping for 12 000 students ?

Cheers

Oriane

Similar Posts

UNC and authentication (Security & Administration) by Jim in Arizona
Licensing of Extranet (Small Business Solutions) by PaulK
Failed Authentication, Status "Unsupported Authentication Algorithm" (Routers) by Rafael
RIP v.2 authentication (Routers) by virgil
Extranet and firewall (Windows 2003) by ADAM / Extranet