[Pki-devel] GSS-API authnz design review

Fraser Tweedale ftweedal at redhat.com
Fri Dec 4 06:18:01 UTC 2015


Hi Ade et al,

I've opened a pagure PR with a draft (and incomplete) design for the
GSS-API authentication:

https://pagure.io/test_dogtag_designs/pull-request/8

There are still some areas to be investigated and some open
questions.  Please give it a once-over and provide your thoughts.

In particular I would like feedback on the idea to use alternative
IAuthManager plugins for authorisation; identities from different
IdPs would use different plugins (or different instances of
plugins).  I think this gives a nice integration when the system
providing external identities (e.g. FreeIPA) already has concepts
for authorisation of PKI-related operations (again, FreeIPA,
certainly for CA and probably also for KRA too).

Thanks, and have a nice weekend!
Fraser



