Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual page 163

For more information about macro ACIs, refer to the Red Hat Directory Server Administrator's
Guide.
Example Corp. adds the following access controls to support its extranet:
• Example Corp. decides to use certificate-based authentication for all extranet activities. When
people log in to the extranet, they need a digital certificate. The directory is used to store the
certificates. Because the directory stores the certificates, users can send encrypted email by looking
up public keys stored in the directory.
• Example Corp. creates an ACI that forbids anonymous access to the extranet. This protects the
extranet from denial of service attacks.
• Example Corp. wants updates to the directory data to come only from an Example Corp. hosted
application. This means that partners and suppliers using the extranet can only use the tools
provided by Example Corp. Restricting extranet users to Example Corp.'s preferred tools allows
Example Corp. administrators to use the audit logs to track the use of the directory and limits the
types of problems that can be introduced by extranet users outside of Example Corp. International.
Multinational Enterprise Security Design
153