On 08/04/2011 10:50 AM, Adam Young wrote:
>
>> DRM is the way to go. However it does not support symmetric keys now.
>> This is the part that we need for volume keys. Maybe it is the vault
>> to store all sorts of keys. This is something that needs to be
>> designed and looked at as a broader perspective.
>> Adam likes to repeat a phrase about dreaming big so I do. I want IPA
>> to be a vault for all sorts of keys and passwords and what else. If
>> DRM is the answer - great.
>> I can start listing the use cases that such a key store should
>> satisfy and we can design something that would ultimately fit the
>> build but build gradually knocking use cases one by one.
>> I will take an action item to come with the use cases. Give me a couple
>> weeks as I am under water now...
>
>
> Specifically: the phrase is "Dream big, implement small."
>
>
> There are four things here, I'd guess, that should play into the design.
>
>
> 1. User certificates in IPA. Discussed already, and probably the
>    first thing to implement on the IPA side.
> 2. DRM/KRA talking to an external CA. Not sure if this makes sense,
>    has been discussed etc.
> 3. DRM/KRA Integration into IPA. Regardless of 2, we should talk
>    through the use cases for integration
> 4. DRM/KRA Support for symmetric keys etc.

Except that use case 4 has a clear demand while 1 is a much bigger
undertaking and might require more time thus might be pushed further
down the road.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
