
openstack team mailing list archive

Open Stack and (HSM) Hardware security modules

 

My name is Mark Yakabuski, from SFNT; we are an HSM vendor (I want to be transparent on that).

We are looking at integrating our HSM APIs into Open Stack. This email is not intended to market HSMs - it is intended to identify what the Open Stack community might find valuable in an HSM integration.

As some background, in case you are not aware of what HSMs are or where they get used (apologies to those who already know):
Where do HSMs get used today? Here are some examples:

- PKI CAs, OCSP, RAs
- SSL cert vaulting
- Financial Transactions
- Time stamping
- E-Document signing
- Admin PW vaulting
- DNSSEC
- Secure Manufacturing
- Smart Grid (AMI)
- Code Signing
- E-passport Issuance

HSMs are FIPS and Common Criteria validated hardware devices, used to securely protect/offload/accelerate the keys/operations needed for high assurance and high value transactions. HSMs protect the lifecycle of the keys (creation, backup, usage and destruction) within the secure validated envelope of the HSM. One of the largest benefits of HSMs is their value in industry compliance, and the secure log/audit capabilities they provide for the who/what/when operations they perform.

I am looking for opinions/feedback on the interest in this offering.

Are there any opinions on:

- What capabilities the Open Stack community would like to see from an HSM?
- The use cases where the Open Stack community would use an HSM?

Mark Yakabuski
VP Product Management HSM
SafeNet-inc
mark.yakabuski@xxxxxxxxxxxxxxx
613-614-3407

