<div dir="ltr">corrected subject<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 8, 2014 at 2:44 AM, Nachi Ueno <span dir="ltr"><<a href="mailto:nachi@ntti3.com" target="_blank">nachi@ntti3.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Barbican folks<br>
<br>
I'm trying to rewrite existing ssl-vpn bp with integration with barbican.<br>
so I'm really appliciate if I can get your input.<br>
<br>
In original proposal, we have vpn credential resource who has followings<br>
<br>
- id<br>
- ca (PEM encoded)<br>
- server_certificate (PEM encoded)<br>
- server_key (PEM encoded)<br>
- dh (PEM encoded)<br>
- crl (PEM encoded)<br>
<br>
We have also ssl-vpn-connection resource who has<br>
credential_id<br>
<br>
<a href="https://wiki.openstack.org/wiki/Neutron/VPNaaS/SSLVPN" target="_blank">https://wiki.openstack.org/wiki/Neutron/VPNaaS/SSLVPN</a><br>
<br>
IMO, we can remove vpn credential resources completely if we use Barbican.<br>
What's I'm thinking is having payload something like this.<br>
<br>
{"payload": {<br>
"ca" : "xxx",<br>
'server_key': 'xxx"<br>
}}<br>
<br>
Is this good idea in Barbican context?<br>
<br>
Best<br>
Nachi<br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Serg Melikyan, Senior Software Engineer at Mirantis, Inc.<br></div><div><a href="http://mirantis.com/" target="_blank">http://mirantis.com</a> | <a href="mailto:smelikyan@mirantis.com" target="_blank">smelikyan@mirantis.com</a><br>
<div><br>+7 (495) 640-4904, 0261</div><div>+7 (903) 156-0836</div></div></div>
</div></div>