<div dir="ltr">Stian,<div><br><div>I more or less meant the same :)</div><div><br></div><div><b>For the first/initial implementation:</b></div><div><br></div><div>Consider a use case:</div><div><b>Company X uploads its keycloak-server.json to the KC auth server.</b></div><div><b>As the user uploads/creates a new realm, the realm will be initialized with auto-generated keys/certificates.</b></div><div><br></div><div>We do have a Keys tab in the admin console for a realm. When the admin clicks on Keys, he will be shown his auto-generated keys/certificates.</div><div>Now, <b>the admin will have an option to either keep those keys/certs or else delete them and upload his own</b>. It will provide upload/download functionality. These keys/certs will represent CA keys/certs.</div><div><br></div><div>Talking about users, each user will be initialized with auto-generated keys/certs at the time of its creation.</div><div><span style="font-size:13px">While viewing an individual user for any specific realm in the administrative console, we can have a Keys View in addition to Attributes, Credentials, Role Mappings and Sessions. 
</span></div><div><span style="font-size:13px"><br></span></div><div><span style="font-size:13px"><b>The Keys View (UI) will initially show the auto-generated keys/certs to the user, where he can perform all CA operations.</b></span></div><div><span style="font-size:13px"><b>The Keys View (UI) will let the user upload, download, retrieve, validate, revoke, renew (revoke + generate) and delete (optional) his keys/certificates</b>.</span><br></div><div><span style="font-size:13px"><br></span></div><div><span style="font-size:13px"><b>Once the first-class requirements are done, we can look forward to</b></span></div><div><span style="font-size:13px">* Ability to generate SSL certificates for servers, including automatic certificate management (</span><a href="https://github.com/letsencrypt/acme-spec" target="_blank" style="font-size:13px">https://github.com/letsencrypt/acme-spec</a><span style="font-size:13px">)</span><span style="font-size:13px"><br></span></div><div><br></div><div><br><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 17, 2015 at 8:40 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 2/17/2015 10:08 AM, Stian Thorgersen wrote:<br>
><br>
><br>
> ----- Original Message -----<br>
>> From: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
>> To: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
>> Sent: Tuesday, February 17, 2015 3:58:50 PM<br>
>> Subject: Re: [keycloak-dev] Keycloak realm specific Certificate Management System<br>
>><br>
>> I think that many companies will want to manage keypairs/certificates<br>
>> themselves. I'm thinking that we'll want to have an option for users to<br>
>> set up client-certs themselves. For example, think of OTP. We have a<br>
>> switch that requires the user to set up OTP when they log in. We could<br>
>> provide the same for client certs where the user uploads their<br>
>> certificate the first time they log in.<br>
><br>
> Aren't certs just for clients, and so wouldn't they upload/generate certs for an app through the admin console?<br>
><br>
<br>
</span>I'm not sure. That's the problem. I just think that many companies<br>
might have their own certificate management systems.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><font color="#888888"><div>Giriraj Sharma,<br></div><div>Department of Computer Science<br>National Institute of Technology Hamirpur<br></div><div>Himachal Pradesh, India<br></div></font></div></div>
</div>