[security-dev] Certificate Management in PicketLink

Pedro Igor Silva psilva at redhat.com
Tue Apr 30 14:33:24 EDT 2013


Hi All,

    I would like to start a thread about supporting Certificate Management in PicketLink.

    We have an input from AeroGear[1] where they need to manage certificates (import, retrieve, update and remove) in order to send push notifications to iOS devices using APNS.

    One discussion that I would like to start here is if we really need something new or the requirements and use cases provided *so far* can be supported by a ready-to-use solution, such as the Java KeyStore. And try to understand better the value of this new project.

    People have mentioned PicketBox DB Keystore, but this project is basically a KeyStore implementation that uses a relational database to manage keys and certs. If you're looking for a different way to store keys and certs, this project can provide a nice start.

    Although PicketLink IDM does not provide certificate management, simple use cases can use U/R/G attributes to store certificates as well, with some restrictions of course.

    Certificate Management is a huge area, there are a lot of things we can do about it. But I don't want to bring complexity to something that can be simple.

    That said, if you guys can help with more requirements and maybe more use cases, that would be nice to understand better what we're trying to achieve.

[1] https://gist.github.com/matzew/b918eb45d3f17de09b8f#ios-variant

Regards.
Pedro Igor

