[openstack-dev] [Barbican][Neutron] Cred management for ssl-vpn

Nachi Ueno nachi at ntti3.com
Wed May 7 22:44:13 UTC 2014


Hi Barbican folks

I'm trying to rewrite the existing ssl-vpn bp to integrate with Barbican,
so I would really appreciate it if I could get your input.

In the original proposal, we have a vpn credential resource which has the following:

- id
- ca (PEM encoded)
- server_certificate (PEM encoded)
- server_key (PEM encoded)
- dh (PEM encoded)
- crl (PEM encoded)

We also have an ssl-vpn-connection resource which has a
credential_id.

https://wiki.openstack.org/wiki/Neutron/VPNaaS/SSLVPN

IMO, we can remove the vpn credential resource completely if we use Barbican.
What I'm thinking of is having a payload something like this:

{"payload": {
  "ca": "xxx",
  "server_key": "xxx"
}}

Is this a good idea in the Barbican context?

Best
Nachi
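
An added example, not part of the original message and not Neutron or Barbican code: it checks that each PEM field of the credential carries the expected PEM type before packing it into the {"payload": {...}} shape shown in the message, and produces a copy with the key redacted for logging. The function names, the accepted PEM labels per field and the sample PEM blocks are assumptions of this example; it does not call any Barbican API.

```python
import json
import re

# Field names come from the message; the accepted PEM labels per field are
# assumptions of this example (labels commonly written by OpenSSL).
EXPECTED_LABELS = {
    "ca": {"CERTIFICATE"},
    "server_certificate": {"CERTIFICATE"},
    "server_key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
    "dh": {"DH PARAMETERS"},
    "crl": {"X509 CRL"},
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+?-----END \1-----"
)


def pem_labels(text):
    """Return the label of every well-formed PEM block found in text."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def build_payload(fields):
    """Validate each PEM field, then return the JSON document as a string."""
    unknown = set(fields) - set(EXPECTED_LABELS)
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    for name, pem in fields.items():
        labels = pem_labels(pem)
        if not labels:
            raise ValueError(f"{name}: no PEM block found")
        wrong = set(labels) - EXPECTED_LABELS[name]
        if wrong:
            # Catches e.g. a private key pasted into a certificate field.
            raise ValueError(f"{name}: unexpected PEM type {sorted(wrong)}")
    return json.dumps({"payload": fields}, sort_keys=True)


def redact_for_log(payload_json):
    """Copy of the payload that is safe to log: key material is replaced."""
    doc = json.loads(payload_json)
    if "server_key" in doc["payload"]:
        doc["payload"]["server_key"] = "<redacted>"
    return json.dumps(doc, sort_keys=True)


def sample_pem(label):
    """Constructed placeholder block; the body is not real key material."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"
```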


