conference call for SSL

Subject: conference call for SSL
From: Tom Lofgren <tom.lofgren@cellnet.com>
Date: Wed, 19 Nov 1997 10:55:17 -0800 (PST)
A few of us talked last week at the MDMA users group meeting about secure
socket layer issues, and how to make sure that the retrieval processes can
be automated. Steve Sanford from SCE has put together a recommendation that
we would like to discuss with technical people from each of your companies.
I have scheduled a conference call for Thursday, 11/20/97, at 10-12am PST to
discuss Steve's proposal, which I have included below. Sorry about the
short notice, but we need an answer quickly so systems can be implemented in
time. Please pass this message on to the appropriate people in your companies.
The conference call number is 1-800-403-2006, and the code number is 187585.
Thanks,
Tom Lofgren

This proposal requires several things:
1) Client certificates - this is a digital certificate that is
resident in the browser that is trying to connect to the MDMA server.
2) The MDMA server must have a mechanism to associate a certificate
with a userid/password pair so that after the initial login only the
certificate would need to be presented in order to gain access to the
ESP/UDC's data.
3) Each MDMA must allow other sites to execute a URL that will either
get the data file pertinent to the userid associated with a
certificate or will get a list of files that are pertinent to that
userid.
I foresee three possible states when an ESP/UDC attempts to fetch their
data. The first state is that this is the first time the ESP/UDC has
attempted to log in. The second state is that the MDMA server does
not recognize the certificate being presented with the URL. The third
state is that the MDMA server recognizes the certificate and allows
the URL to execute. In the first two states the MDMA server should
initiate a login dialog which would look for a userid/password that it
recognizes as an ESP/UDC. The MDMA server would then associate the
client certificate with the userid/password pair and allow the URL to
execute. Once the MDMA server has allowed the initial URL to execute
the MDMA server should return one of two possibilities. The first
possibility would be the data file that belongs to the ESP/UDC. The
second possibility would be a list of URLs to execute that would
return all of the files that belong to that ESP/UDC. These URLs could
either be individual files or CGI scripts that would return
dynamically built HTML text files of data that belong to the ESP/UDC.
In the second case where the list of URLs is returned, each URL needs
to be date stamped so that the ESP/UDC can tell the age of the data
and decide if they want to pull that file.
That is the nuts and bolts of the proposal. If you and Bill see any
holes, please add your comments or corrections before sending it out to
the rest of the group.
Steve Sanford
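The three-state logic in Steve's proposal, written out as an added example (not code from the original message or from any MDMA vendor): the server keys its bindings on a fingerprint of the presented client certificate, treats the first-ever login and an unrecognised certificate identically by demanding a userid/password it knows, binds the certificate to that userid, and from then on answers the URL with a date-stamped file list. The account, password and file names are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample store standing in for the MDMA's account database:
# userid -> password digest (a real server would use a salted, slow hash).
ACCOUNTS = {"esp01": hashlib.sha256(b"s3cret").hexdigest()}
# userid -> (file name, last-modified time) for that ESP/UDC's data files.
FILES = {"esp01": [("usage_19971118.dat", datetime(1997, 11, 18, tzinfo=timezone.utc)),
                   ("usage_19971119.dat", datetime(1997, 11, 19, tzinfo=timezone.utc))]}


@dataclass
class MdmaServer:
    # certificate fingerprint -> userid, filled in after the initial login.
    bindings: dict = field(default_factory=dict)

    def fetch(self, cert_der, userid=None, password=None):
        """Handle one retrieval URL presented with a client certificate.

        The TLS layer is assumed to have already validated the certificate
        chain; this code only decides which of the three states applies.
        Returns ("login_required", None) or ("ok", [date-stamped URLs]).
        """
        fingerprint = hashlib.sha256(cert_der).hexdigest()
        bound_userid = self.bindings.get(fingerprint)
        if bound_userid is None:
            # State 1 (first login ever) and state 2 (unknown certificate) are
            # handled alike: require a userid/password the server recognises
            # as an ESP/UDC, then associate the certificate with that userid.
            if userid is None or not self._check_password(userid, password):
                return ("login_required", None)
            self.bindings[fingerprint] = userid
            bound_userid = userid
        # State 3: certificate recognised, so the URL is allowed to execute.
        return ("ok", self._file_list(bound_userid))

    def _check_password(self, userid, password):
        expected = ACCOUNTS.get(userid)
        if expected is None or password is None:
            return False
        digest = hashlib.sha256(password.encode()).hexdigest()
        return hmac.compare_digest(digest, expected)  # constant-time compare

    def _file_list(self, userid):
        # Each URL carries a date stamp so the ESP/UDC can judge the data's age
        # and decide whether to pull that file.
        return [{"url": f"/data/{userid}/{name}", "date": stamp.isoformat()}
                for name, stamp in FILES.get(userid, [])]
```

Once a certificate is bound, the password is never presented again, so the certificate becomes the long-lived credential; the server must keep a way to revoke a binding when a client key is lost.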