[Freeipa-devel] DNSSEC design page: key wrapping

Jan Cholasta jcholast at redhat.com
Fri Mar 7 09:49:33 UTC 2014


On 6.3.2014 16:56, Jakub Hrozek wrote:
> On Wed, Mar 05, 2014 at 05:56:25PM +0100, Jan Cholasta wrote:
>> On 5.3.2014 16:02, Petr Spacek wrote:
>>> a) Do not invent any new schema for certificates and public keys. A set
>>> of "PKCS-providers" in SSSD will aggregate the data from various sources
>>> and transform them to appropriate format.
>>>
>>> A heavy machinery in SSSD will convert existing data in IPA LDAP tree to
>>> PKCS#11 objects presented over PKCS#11 interface.
>>
>> Petr requested a diagram for this scenario; see attachment.
>
> Awesome, this is helpful for someone like me who hasn't been following
> the whole thread on freeipa-devel in detail.
>
> Given that you plan on implementing an AD provider as well, I guess it
> would make sense to also implement (but maybe not expose unless there is
> a common schema) a pure LDAP provider that both IPA and AD would share?

I did not include pure LDAP only because that would make the diagram too 
big ;-)

>
> Are you going to turn this e-mail into a design page and file SSSD
> tickets? Who's going to own the feature in SSSD, you, Petr or both?

Me, I guess, at least the generic bits and the part related to 
certificates. I will create a design page.

-- 
Jan Cholasta



