[Openstack] [Keystone] PKI
Adam Young
ayoung at redhat.com
Wed May 16 14:39:55 UTC 2012
This builds on X509.
I've written up a proof of concept.
http://adam.younglogic.com/2012/05/signed-authz-authn/
On 05/16/2012 02:21 AM, Tim Bell wrote:
>
> Fully agreed. Academic and Research sites have extensive X.509
> infrastructure that we would not wish to duplicate.
>
> Are you only looking at user certificates or are host certificates in
> the scope too ?
>
> Tim
>
> *From:*openstack-bounces+tim.bell=cern.ch at lists.launchpad.net
> [mailto:openstack-bounces+tim.bell=cern.ch at lists.launchpad.net] *On
> Behalf Of *Adam Young
> *Sent:* 16 May 2012 03:10
> *To:* openstack at lists.launchpad.net
> *Subject:* Re: [Openstack] [Keystone] PKI
>
> Well, the PKI pieces are the same regardless of the CA and certificate
> issuing pieces. All we will need to do is to use a signing key to
> sign a document. So EJBCA or Dogtag will work equally as well. If
> people already have a CA infrastructure, they should be able to
> leverage that, too.
>
>
> On 05/15/2012 04:47 PM, Thor Wolpert wrote:
>
> If you're open to levarging other OSS projects,
> http://www.ejbca.org/architecture.html us a great one to look at,
> assuming you need a PKI implementation available.
>
> I believe it is at least worth a look.
>
> On Tue, May 15, 2012 at 1:30 PM, Razique Mahroua
> <razique.mahroua at gmail.com <mailto:razique.mahroua at gmail.com>> wrote:
>
> great topic :)
>
>
>
> *Joseph Heck* <mailto:heckj at mac.com>
>
> 15 mai 2012 21:06
>
> Coming out of the Keystone meeting from today
> (http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html),
> I thought it worth mentioning that adam young has been doing some
> tremendous lifting in terms of looking at adding in PKI support to
> Keystone. The writeup and details are on the OpenStack wiki at
> http://wiki.openstack.org/PKI
>
> I rather suspect there's a lot of interest in this topic, so I wanted
> to make sure the broader community knew about the effort, what we were
> thinking, and were we are.
>
> If you're interested in discussing, the keystone meeting is on Tuesday
> mornings at 18:00 UTC
>
> -joe
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> <https://launchpad.net/%7Eopenstack>
> Post to : openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> Unsubscribe : https://launchpad.net/~openstack
> <https://launchpad.net/%7Eopenstack>
> More help : https://help.launchpad.net/ListHelp
>
> --
> Nuage & Co - Razique Mahroua
> *razique.mahroua at gmail.com <mailto:razique.mahroua at gmail.com>*
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> <https://launchpad.net/%7Eopenstack>
> Post to : openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> Unsubscribe : https://launchpad.net/~openstack
> <https://launchpad.net/%7Eopenstack>
> More help : https://help.launchpad.net/ListHelp
>
>
>
>
> _______________________________________________
> Mailing list:https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack>
> Post to :openstack at lists.launchpad.net <mailto:openstack at lists.launchpad.net>
> Unsubscribe :https://launchpad.net/~openstack <https://launchpad.net/%7Eopenstack>
> More help :https://help.launchpad.net/ListHelp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120516/582671b4/attachment.html>
More information about the Openstack
mailing list