PortalEnroll Plug-in Module44 Netscape Certificate Management System Plug-ins Guide • October 2001PortalEnroll Plug-in ModuleThe PortalEnroll module implements portal enrollment. This module enablesyou to issue certificates and create directory entries for users who do not yet havean entry in the directory. For example, if your company runs a portal service, suchas Netscape Netcenter TM , you can use the PortalEnroll module to issuecertificates to new users when they register for the online service. You can also usethe module to authenticate and issue certificates to your extranet users. Forexample, if you have deployed extranets for partners and vendors, you can use themodule to authenticate and issue certificates to these users when they register forthe service.The PortalEnroll module does following:• Performs dual operations, registration and authentication, eliminating theneed for users to use separate forms to register for an online service and torequest a certificate; the module enables deployment of certificates along withregistration in an LDAP-compliant directory.• Verifies the uniqueness of the new user’s chosen user name against anLDAP-compliant user directory and uses the user name as the onlyauthentication token required to obtain a certificate.• Uses the information from the enrollment form to create new user entries andupdate directory entry attributes for unique usernames.• Leverages an existing LDAP-compliant user directory, typically used forstoring user information.There are many advantages in issuing certificates to your user community:• Certificates enable you to uniquely identify users and establish a relationshipwith users in that you can use their identities to track services and featuresutilized by these users and use this information to offer customized services tothem—certificates become equivalent to the way online services utilize cookiesfor personalization.• Certificates also enable you to make your online service subscriptionbased—because a certificate’s life is tied to its validity period, by issuingcertificates with specific validity period you can enforce users to subscribe toyour online service by renewing their certificate before its expiry.• Certificates also enable you to remove people from your user base and addthem back after giving them a credential—by making a certificate issued to anew user expire after a specific validity period you can restrict that user fromusing your service, and put the user back on service by forcing the user torenew the expired certificate after giving them a credential. For example,