[openstack-dev] [Barbican] Use of Dogtag for Production Backend

Nate Reller rellerreller at yahoo.com
Fri May 3 17:08:30 UTC 2013


> The second would utilize the Dogtag system
> (http://pki.fedoraproject.org/wiki/PKI_Main_Page). Maintained by RedHat,
> Dogtag is a Java web-app that offers many advantages including being
> Common Criteria and FIPS certified, existing integrations with Hardware
> Security Modules (HSMs) and a secure crypto storage platform all with a
> ReSTish API. The current plan is that production implementations of
> Barbican would use Dogtag as their backend, optionally paired with an HSM
> for extra security. No one would interface directly with Dogtag, it would
> be the tool that Barbican uses to store the keys.

+1 
The FIPS certification and integration with HSMs sounds great.

-Nate



More information about the OpenStack-dev mailing list