[Pki-devel] GSS-API authnz design review
Nathan Kinder
nkinder at redhat.com
Tue Dec 15 00:04:19 UTC 2015
On 12/03/2015 10:18 PM, Fraser Tweedale wrote:
> Hi Ade et al,
>
> I've opened a pagure PR with a draft (and incomplete) design for the
> GSS-API authentication:
>
> https://pagure.io/test_dogtag_designs/pull-request/8
This should also probably be shared with the FreeIPA development list
since it will allow for better integration there.
Thanks,
-NGK
>
> There are still some areas to be investigated and some open
> questions. Please give it a once over and provide your thoughts.
>
> In particular I would like feedback on the idea to use alternative
> IAuthManager plugins for authorisation; identities from different
> IdPs would use different plugins (or different instances of
> plugins). I think this gives a nice integration when the system
> providing external identities (e.g. FreeIPA) already has concepts
> for authorisation of PKI-related operations (again, FreeIPA,
> certainly for CA and probably also for KRA too).
>
> Thanks, and have a nice weekend!
> Fraser
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
More information about the Pki-devel
mailing list