From:	kepa.zubeldia@envoy.com
Sent:	Friday, February 26, 1999 5:40 PM
To:	Interop@afehct.org
Subject:	Proposal #8

This is an extension of Proposal #3 for the DN of organizational or 
entity certificates when stored in an LDAP directory.

The contents of the DN for entity (non-person) certificates stored 
in the LDAP directory will be the same as for individual person 
certificates.  Any additional attributes that belong to the entity, 
such as street address and alternate name will be represented in 
the directory and in the certificate but are not required to be in 
the DN itself.

By keeping the DN to the minimum necessary to create an unambiguous 
entry that can be easily searched, we expect to make it easier to 
application developers to interface with the directory.

So, for entity certificates, the REQUIRED components of the DN are: 
Country, State/Province, City/Locality, Common Name, and the 
disambiguating DN Qualifier.

Optionally, the DN could also contain Street address, Organization, 
and Organizational Unit.  These could be used as part of the DN, 
but may be better suited inside the directory entry contents and 
not as part of the DN itself.

Again, if this will not work, speak up.  If it works for you, don't 
say anything, so we can keep the noise on the list to a minimum.  
Thanks.

Kepa Zubeldia
ENVOY Corporation
Kepa.Zubeldia@envoy.com