[keycloak-dev] Certificate Management, Directory Services and Device Registration
Bill Burke
bburke at redhat.com
Fri Dec 20 15:32:42 EST 2013
On 12/20/2013 3:23 PM, Anil Saldhana wrote:
> Bill brought out some thoughts in my mind which I want to capture here
> to see what your thoughts are:
>
> * Certificate Management
> - We need a good system to CRUD certificates. The only good Java-based
> OSS I have seen is EJBCA.
>
Becoming a CA is way down the road, but my thoughts were that a realm
could just create client certs signed with the realm's keypair using
Bouncy Castle APIs. There would be an option to download the truststore
for the realm (for Java apps), and a text PKCS format (forget the
actual name) for non-Java apps.
> * Directory Server/Services
> - We have ApacheDS and OpenDS (or the ForgeRock version) as two
> possibilities in Java-based directory servers. I am unsure if we have
> really explored building a solution for directory services.
>
This is more part of federation, no? We need to brainstorm how we want
to approach federation. There are some who think the current PicketLink
approach won't work and that other security products out there do
syncing. Maybe we'll have to do both. I have some architectural ideas
around this.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
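The flow Bill sketches above (the realm's keypair acting as a small issuing CA, client certs signed with it, a downloadable truststore for Java apps and a text format for everything else), as an added example; this is not Keycloak code and not Bill's, it assumes the Bouncy Castle bcprov and bcpkix jars on the classpath, assumes the "text PKCS format" he means is PEM, and the realm and client DNs and the truststore password are made up for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/** Added example (not Keycloak code): a realm keypair used as an issuing CA for client certs. */
public class RealmClientCerts {

    static { Security.addProvider(new BouncyCastleProvider()); }

    private static final SecureRandom RNG = new SecureRandom();
    private static final long ONE_YEAR_MS = 365L * 24 * 60 * 60 * 1000;

    static KeyPair rsaKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    static ContentSigner signer(PrivateKey key) throws Exception {
        return new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key);
    }

    static X509Certificate toJca(X509CertificateHolder holder) throws Exception {
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    }

    /** Self-signed cert over the realm's keypair; this is what the downloadable truststore carries. */
    static X509Certificate realmCert(KeyPair realmKey, String realmDn) throws Exception {
        X500Name dn = new X500Name(realmDn);
        Date notBefore = new Date();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                dn, new BigInteger(64, RNG).add(BigInteger.ONE), notBefore,
                new Date(notBefore.getTime() + 10 * ONE_YEAR_MS), dn, realmKey.getPublic());
        // CA with pathlen 0: may issue end-entity certs, may not issue subordinate CAs.
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        b.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        return toJca(b.build(signer(realmKey.getPrivate())));
    }

    /** Client cert: subject is the client, issuer is the realm, signature by the realm's private key. */
    static X509Certificate clientCert(KeyPair realmKey, X509Certificate realm,
                                      String clientDn, KeyPair clientKey) throws Exception {
        Date notBefore = new Date();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                realm, new BigInteger(64, RNG).add(BigInteger.ONE), notBefore,
                new Date(notBefore.getTime() + ONE_YEAR_MS), new X500Name(clientDn), clientKey.getPublic());
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        b.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        // Pin the cert to TLS client auth so it cannot be repurposed as a server cert.
        b.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        return toJca(b.build(signer(realmKey.getPrivate())));
    }

    /** Truststore for Java apps: the realm cert only, never the realm's private key. */
    static byte[] truststore(X509Certificate realm, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setCertificateEntry("realm-ca", realm);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    /** PEM text for non-Java apps; certs and keys go through the same writer. */
    static String toPem(Object... items) throws Exception {
        StringWriter sw = new StringWriter();
        try (JcaPEMWriter w = new JcaPEMWriter(sw)) {
            for (Object item : items) w.writeObject(item);
        }
        return sw.toString();
    }

    /** What a relying party does with the downloaded truststore: chain the client cert to the realm. */
    static boolean verifyAgainstTruststore(byte[] tsBytes, char[] password, X509Certificate client) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(tsBytes), password);
        X509Certificate realm = (X509Certificate) ks.getCertificate("realm-ca");
        try {
            client.checkValidity();
            client.verify(realm.getPublicKey()); // throws on a bad signature or wrong issuer key
            return client.getIssuerX500Principal().equals(realm.getSubjectX500Principal());
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPair realmKey = rsaKeyPair(); // the realm's keypair (hypothetical realm "demo-realm")
        X509Certificate realm = realmCert(realmKey, "CN=demo-realm, O=Example");
        KeyPair clientKey = rsaKeyPair();
        X509Certificate client = clientCert(realmKey, realm, "CN=app-client, O=Example", clientKey);

        char[] pw = "changeit".toCharArray();
        byte[] ts = truststore(realm, pw);
        System.out.println("client cert chains to realm: " + verifyAgainstTruststore(ts, pw, client));
        System.out.print(toPem(client, clientKey.getPrivate())); // hand this to non-Java clients
    }
}
```

Two things worth noting about this shape: the truststore a realm publishes must contain only the realm certificate, since anyone holding the realm private key can mint client identities, and the check in verifyAgainstTruststore covers signature, validity window and issuer name only; a realm that really issues certs would also need a revocation path (CRL or OCSP) before a lost client key could be cut off.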