<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
This builds on X509.<br>
<br>
I've written up a proof of concept.<br>
<br>
<a class="moz-txt-link-freetext" href="http://adam.younglogic.com/2012/05/signed-authz-authn/">http://adam.younglogic.com/2012/05/signed-authz-authn/</a> <br>
<br>
<br>
<br>
On 05/16/2012 02:21 AM, Tim Bell wrote:
<blockquote
cite="mid:5D7F9996EA547448BC6C54C8C5AAF4E56524E66F@CERNXCHG02.cern.ch"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Fully
agreed. Academic and Research sites have extensive X.509
infrastructure that we would not wish to duplicate.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Are
you only looking at user certificates or are host
certificates in the scope too?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Tim<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm
0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext"
lang="EN-US">
<a class="moz-txt-link-abbreviated" href="mailto:openstack-bounces+tim.bell=cern.ch@lists.launchpad.net">openstack-bounces+tim.bell=cern.ch@lists.launchpad.net</a>
[<a class="moz-txt-link-freetext" href="mailto:openstack-bounces+tim.bell=cern.ch@lists.launchpad.net">mailto:openstack-bounces+tim.bell=cern.ch@lists.launchpad.net</a>]
<b>On Behalf Of </b>Adam Young<br>
<b>Sent:</b> 16 May 2012 03:10<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
<b>Subject:</b> Re: [Openstack] [Keystone] PKI<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Well, the PKI pieces are the same
regardless of the CA and certificate issuing pieces. All we
will need to do is to use a signing key to sign a document.
So EJBCA or Dogtag will work equally as well. If people
already have a CA infrastructure, they should be able to
leverage that, too.<br>
<br>
<br>
On 05/15/2012 04:47 PM, Thor Wolpert wrote: <o:p></o:p></p>
<p class="MsoNormal">If you're open to leveraging other OSS
projects, <a moz-do-not-send="true"
href="http://www.ejbca.org/architecture.html">http://www.ejbca.org/architecture.html</a>
is a great one to look at, assuming you need a PKI
implementation available. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">I believe
it is at least worth a look.<o:p></o:p></p>
<div>
<p class="MsoNormal">On Tue, May 15, 2012 at 1:30 PM,
Razique Mahroua &lt;<a moz-do-not-send="true"
href="mailto:razique.mahroua@gmail.com"
target="_blank">razique.mahroua@gmail.com</a>&gt;
wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;">great topic :)<br>
<br>
<o:p></o:p></span></p>
<div
style="margin-left:18.75pt;margin-top:22.5pt;margin-right:18.75pt;margin-bottom:7.5pt">
<div style="border:none;border-top:solid #EDEEF0
1.0pt;padding:4.0pt 0cm 0cm 0cm;display:table">
<div>
<p class="MsoNormal"
style="vertical-align:middle"><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="vertical-align:middle"><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;"><a moz-do-not-send="true"
href="mailto:heckj@mac.com"
target="_blank"><b>Joseph Heck</b></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="vertical-align:middle"><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;;color:#9FA2A5">15 May 2012
21:06</span><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;"><o:p></o:p></span></p>
</div>
</div>
</div>
<div style="margin-left:18.0pt;margin-right:18.0pt">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;;color:#888888">Coming out of the
Keystone meeting from today (<a
moz-do-not-send="true"
href="http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html"
target="_blank">http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html</a>),
I thought it worth mentioning that Adam Young
has been doing some tremendous lifting in
terms of looking at adding in PKI support to
Keystone. The writeup and details are on the
OpenStack wiki at <a moz-do-not-send="true"
href="http://wiki.openstack.org/PKI"
target="_blank">http://wiki.openstack.org/PKI</a><br>
<br>
I rather suspect there's a lot of interest in
this topic, so I wanted to make sure the
broader community knew about the effort, what
we were thinking, and where we are. <br>
<br>
If you're interested in discussing, the
keystone meeting is on Tuesday mornings at
18:00 UTC<br>
<br>
-joe<br>
<br>
_______________________________________________<br>
Mailing list: <a moz-do-not-send="true"
href="https://launchpad.net/%7Eopenstack"
target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a moz-do-not-send="true"
href="mailto:openstack@lists.launchpad.net"
target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a moz-do-not-send="true"
href="https://launchpad.net/%7Eopenstack"
target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a moz-do-not-send="true"
href="https://help.launchpad.net/ListHelp"
target="_blank">https://help.launchpad.net/ListHelp</a><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span class="hoenzb"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;;color:#888888">-- <br>
Nuage &amp; Co - Razique Mahroua <br>
<b><a moz-do-not-send="true"
href="mailto:razique.mahroua@gmail.com"
target="_blank">razique.mahroua@gmail.com</a></b></span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;;color:#888888"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:11.0pt;font-family:&quot;Lucida Grande&quot;;color:#888888"> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>