[openstack-dev] [Barbican][Neutron] Cred management for ssl-vpn

Serg Melikyan smelikyan at mirantis.com
Thu May 8 07:53:50 UTC 2014


corrected subject


On Thu, May 8, 2014 at 2:44 AM, Nachi Ueno <nachi at ntti3.com> wrote:

> Hi Barbican folks
>
> I'm trying to rewrite existing ssl-vpn bp with integration with barbican.
> so I'm really appliciate if I can get your input.
>
> In original proposal, we have vpn credential resource who has followings
>
> - id
> - ca (PEM encoded)
> - server_certificate (PEM encoded)
> - server_key (PEM encoded)
> - dh (PEM encoded)
> - crl (PEM encoded)
>
> We have also ssl-vpn-connection resource who has
> credential_id
>
> https://wiki.openstack.org/wiki/Neutron/VPNaaS/SSLVPN
>
> IMO, we can remove vpn credential resources completely if we use Barbican.
> What's I'm thinking is having payload something like this.
>
> {"payload": {
>  "ca" : "xxx",
>   'server_key': 'xxx"
> }}
>
> Is this good idea in Barbican context?
>
> Best
> Nachi
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Serg Melikyan, Senior Software Engineer at Mirantis, Inc.
http://mirantis.com | smelikyan at mirantis.com

+7 (495) 640-4904, 0261
+7 (903) 156-0836
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140508/cb93756b/attachment.html>


More information about the OpenStack-dev mailing list