[openstack-dev] [Keystone] Blob in keystone v3 certificate API

Dolph Mathews dolph.mathews at gmail.com
Fri Nov 15 17:17:51 UTC 2013

It sounds like you're looking for barbican :)


On Thu, Nov 14, 2013 at 8:55 PM, Nachi Ueno <nachi at ntti3.com> wrote:

> Hi Keystone guys
> I'm going to use  keystone credentials API to store SSL-VPN certificate.
> However I have a concern about blob attribute.
> Since it is really free format.  We can't provider validation on the data.
> Of course, we can write some helper validation function, but
> users can break it...
> Also we can't ensure the backward compatibilities with such free
> format API definitions.
> (1) IMO, we should not use free format attribute such as blob or
> arbitrary key,value pairs.
> (2) Should we use this API as a storage for certificate used in any
> openstack services?
>     Since it is hard to provider validation on such API, I'm start
> thinking to have vpn certificate API in neutron.
> Best
> Nachi
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131115/cb9df6a4/attachment.html>

More information about the OpenStack-dev mailing list