<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Grande";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.hoenzb
{mso-style-name:hoenzb;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Fully agreed. Academic and Research sites have extensive X.509 infrastructure that we would not wish to duplicate.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Are you only looking at user certificates or are host certificates in the scope too ?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Tim<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> openstack-bounces+tim.bell=cern.ch@lists.launchpad.net [mailto:openstack-bounces+tim.bell=cern.ch@lists.launchpad.net] <b>On Behalf Of </b>Adam Young<br><b>Sent:</b> 16 May 2012 03:10<br><b>To:</b> openstack@lists.launchpad.net<br><b>Subject:</b> Re: [Openstack] [Keystone] PKI<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Well, the PKI pieces are the same regardless of the CA and certificate issuing pieces. All we will need to do is to use a signing key to sign a document. So EJBCA or Dogtag will work equally as well. If people already have a CA infrastructure, they should be able to leverage that, too.<br><br><br>On 05/15/2012 04:47 PM, Thor Wolpert wrote: <o:p></o:p></p><p class=MsoNormal>If you're open to levarging other OSS projects, <a href="http://www.ejbca.org/architecture.html">http://www.ejbca.org/architecture.html</a> us a great one to look at, assuming you need a PKI implementation available. <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>I believe it is at least worth a look.<o:p></o:p></p><div><p class=MsoNormal>On Tue, May 15, 2012 at 1:30 PM, Razique Mahroua <<a href="mailto:razique.mahroua@gmail.com" target="_blank">razique.mahroua@gmail.com</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Lucida Grande"'>great topic :)<br><br><br><br><o:p></o:p></span></p><div style='margin-left:18.75pt;margin-top:22.5pt;margin-right:18.75pt;margin-bottom:7.5pt'><div style='border:none;border-top:solid #EDEEF0 1.0pt;padding:4.0pt 0cm 0cm 0cm;display:table'><div><p class=MsoNormal style='vertical-align:middle'><span style='font-size:11.0pt;font-family:"Lucida Grande"'><o:p></o:p></span></p></div><div><p class=MsoNormal style='vertical-align:middle'><span style='font-size:11.0pt;font-family:"Lucida Grande"'><a href="mailto:heckj@mac.com" target="_blank"><b>Joseph Heck</b></a><o:p></o:p></span></p></div><div><p class=MsoNormal style='vertical-align:middle'><span style='font-size:11.0pt;font-family:"Lucida Grande";color:#9FA2A5'>15 mai 2012 21:06</span><span style='font-size:11.0pt;font-family:"Lucida Grande"'><o:p></o:p></span></p></div></div></div><div style='margin-left:18.0pt;margin-right:18.0pt'><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Lucida Grande";color:#888888'>Coming out of the Keystone meeting from today (<a href="http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html" target="_blank">http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html</a>), I thought it worth mentioning that adam young has been doing some tremendous lifting in terms of looking at adding in PKI support to Keystone. The writeup and details are on the OpenStack wiki at <a href="http://wiki.openstack.org/PKI" target="_blank">http://wiki.openstack.org/PKI</a><br><br>I rather suspect there's a lot of interest in this topic, so I wanted to make sure the broader community knew about the effort, what we were thinking, and were we are. <br><br>If you're interested in discussing, the keystone meeting is on Tuesday mornings at 18:00 UTC<br><br>-joe<br><br>_______________________________________________<br>Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><o:p></o:p></span></p></div></div><p class=MsoNormal><span class=hoenzb><o:p> </o:p></span></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;font-family:"Lucida Grande";color:#888888'>-- <br>Nuage & Co - Razique Mahroua <br><b><a href="mailto:razique.mahroua@gmail.com" target="_blank">razique.mahroua@gmail.com</a></b></span><o:p></o:p></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Lucida Grande";color:#888888'><o:p></o:p></span></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;font-family:"Lucida Grande";color:#888888'> <o:p></o:p></span></p></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><br><br><br><o:p></o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>Mailing list: <a href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a><o:p></o:p></pre><pre>Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><o:p></o:p></pre><pre>Unsubscribe : <a href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a><o:p></o:p></pre><pre>More help : <a href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a><o:p></o:p></pre><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>