[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Policy management, COPS, and SCVP
Hi,
Is anyone thinking much about policy management for IPSEC VPN clients? I've
been reading a bit about Common Open Policy Service (COPS) which seems to
offer a solution with 'dynamic' policy decisions.
One thought I had when reading it, is that the COPS server (The Policy
Decision Point - PDP), could be passed the client certificate to start the
policy look-up. This would then allow the COPS server to do the job of SCVP
as well:
1) check the certificate
2) return the appropriate policy, or reject.
Steve.