[openstack-dev] [Barbican] Use of Dogtag for Production Backend
Nate Reller
rellerreller at yahoo.com
Fri May 3 17:08:30 UTC 2013
> The second would utilize the Dogtag system
> (http://pki.fedoraproject.org/wiki/PKI_Main_Page). Maintained by RedHat,
> Dogtag is a Java web-app that offers many advantages including being
> Common Criteria and FIPS certified, existing integrations with Hardware
> Security Modules (HSMs) and a secure crypto storage platform all with a
> ReSTish API. The current plan is that production implementations of
> Barbican would use Dogtag as their backend, optionally paired with an HSM
> for extra security. No one would interface directly with Dogtag, it would
> be the tool that Barbican uses to store the keys.
+1
The FIPS certification and integration with HSMs sounds great.
-Nate
More information about the OpenStack-dev
mailing list