~August Opfanatherjip 25.Sep.03 11:01 AM a Web browser General All Releases All Platforms
Hello,
We have a customer with a Lotus Domino R6 (messaging and workflow) system implemented (about 10.000 users). The customer is working on an Entrust PKI implementation and wants to integrate and centralize user accounts and certificates (to have Entrust and Domino users and certificates integrated in some way). Our current consideration is that Domino has a built-in proprietary PKI and it is not possible to use those certificates outside Domino (for routers, RADIUS etc.). On the other side, Entrust certificates cannot be used in the Domino system. We are looking for a solution for how to integrate Domino with Entrust PKI. If it is not possible, a separate architecture where every user has to be registered twice, has two certificates, different DNs etc. is really unacceptable.
Does anybody know the current status of Domino and 3rd party PKI integration? Is it possible to configure Domino to completely rely on a 3rd party PKI? At least, we are looking for integration in two ways:
- integrating user databases (Domino Directory and PKI LDAP)
- having the same X.509 user certificate for all purposes
In more detail, our questions are:
1) We found two toolkits (could be the same, with different names) for Domino-Entrust integration: Lotus Domino Administration Toolkit for Entrust (LDATEP) and Lotus Entrust Administration Toolkit (LEAT), but none of them are available. It is written that the toolkits are available from the Lotus web site, but all links are broken. Does anybody know where to find these toolkits?
2) Domino LDAP is v3 compliant, so it is possible to manually configure Domino Directory to act as LDAP for Entrust PKI. In this way, existing Domino person records (in Domino Directory) are updated with Entrust attributes (and certificates). It is a lot of effort and manual configuration to achieve this. The outcome is a single LDAP entry (for one person) with all Domino and Entrust attributes. We want to reduce and simplify administration, but if the Domino system is not prepared to use Entrust PKI attributes (and certificates) from the Person record (see following questions), this is overkill.
Another solution is to have Entrust and Domino users in separate directories without any integration. Double administration, user registration, certificates, renaming, different DNs … Bad solution.
3) How to use a single certificate within Domino and other systems? Which level of functionality could be achieved with Entrust certificates within the Lotus Notes mail system? S/MIME signing and encrypting is possible, but if we force S/MIME instead of NRPC (with rich text), a lot of Notes workflow functionality is lost (doclinks, script buttons, etc.)
4) How to use Entrust certificates inside the Lotus Notes client? Entrust Express is not supported with Notes R6. We can manually import an Entrust certificate (like an Internet certificate) into the Notes ID file and then set the Entrust certificate to be the default for Internet mail. Is that all? What about Notes-to-Notes mail and workflow applications (digital signing and encryption)? Also, manual import into the ID file is not very acceptable … Any other products or ideas for signing/encrypting Lotus Notes R6 mail with Entrust PKI certificates?
5) Finally, could you tell me something about Lotus' future plans with reference to 3rd party PKI integration? I would just like to get a clear picture of which direction we should follow …
Thanks in advance for every answer and support,
John