
openstack team mailing list archive

Re: [Keystone] PKI

 

This builds on X509.

I've written up a proof of concept.

http://adam.younglogic.com/2012/05/signed-authz-authn/



On 05/16/2012 02:21 AM, Tim Bell wrote:

Fully agreed. Academic and Research sites have extensive X.509 infrastructure that we would not wish to duplicate.

Are you only looking at user certificates, or are host certificates in scope too?

Tim

*From:* openstack-bounces+tim.bell=cern.ch@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+tim.bell=cern.ch@xxxxxxxxxxxxxxxxxxx] *On Behalf Of* Adam Young
*Sent:* 16 May 2012 03:10
*To:* openstack@xxxxxxxxxxxxxxxxxxx
*Subject:* Re: [Openstack] [Keystone] PKI

Well, the PKI pieces are the same regardless of the CA and certificate issuing pieces. All we will need to do is to use a signing key to sign a document. So EJBCA or Dogtag will work equally well. If people already have a CA infrastructure, they should be able to leverage that, too.


On 05/15/2012 04:47 PM, Thor Wolpert wrote:

If you're open to leveraging other OSS projects, http://www.ejbca.org/architecture.html is a great one to look at, assuming you need a PKI implementation available.

I believe it is at least worth a look.

On Tue, May 15, 2012 at 1:30 PM, Razique Mahroua <razique.mahroua@xxxxxxxxx> wrote:

great topic :)



*Joseph Heck* <mailto:heckj@xxxxxxx>

15 May 2012 21:06

Coming out of the Keystone meeting from today (http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-15-18.02.html), I thought it worth mentioning that Adam Young has been doing some tremendous lifting in terms of looking at adding in PKI support to Keystone. The writeup and details are on the OpenStack wiki at http://wiki.openstack.org/PKI

I rather suspect there's a lot of interest in this topic, so I wanted to make sure the broader community knew about the effort, what we were thinking, and where we are.

If you're interested in discussing, the Keystone meeting is on Tuesday mornings at 18:00 UTC.

-joe

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

--
Nuage & Co - Razique Mahroua
*razique.mahroua@xxxxxxxxx <mailto:razique.mahroua@xxxxxxxxx>*




