On 12/20/2013 3:23 PM, Anil Saldhana wrote:
> Bill brought out some thoughts in my mind which I want to capture here
> to see what your thoughts are:
>
> * Certificate Management
> - We need a good system to CRUD certificates. The only good Java-based
> OSS I have seen is EJBCA.

Becoming a CA is way down the road, but my thoughts were that a realm
could just create client-certs signed with the realm's keypair using
Bouncy Castle APIs. There would be an option to download the truststore
for the realm (for Java apps). And a text pkcs format (forget the
actual name) for non-Java apps.

> * Directory Server/Services
> - We have ApacheDS and OpenDS (or the ForgeRock version) as two
> possibilities in Java-based directory servers. I am unsure if we have
> really explored building a solution for directory services.

This is more part of federation, no? We need to brainstorm how we want
to approach federation. There are some who think the current PicketLink
approach won't work and that other security products out there do
syncing. Maybe we'll have to do both. I have some architectural ideas
around this.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
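
The realm-signed client certificate idea from the reply above, sketched with the Bouncy Castle PKIX API as an added example; it is not part of the original message or of any project code. The class name, the `CN=demo-*` names, RSA-2048 with SHA-256, the `changeit` store password and the choice of PEM as the text format for non-Java apps are all assumptions.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class RealmCertExample { // hypothetical name, for illustration only
    // Issue a certificate for subjectKey, signed with the realm's private key.
    static X509Certificate issue(X500Principal issuer, PrivateKey realmKey, X500Principal subject,
                                 PublicKey subjectKey, boolean isCa, int days) throws Exception {
        Date from = new Date();
        Date to = new Date(from.getTime() + days * 86_400_000L);
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                issuer, new BigInteger(128, new SecureRandom()), from, to, subject, subjectKey);
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
        b.addExtension(Extension.keyUsage, true, new KeyUsage(
                isCa ? KeyUsage.keyCertSign | KeyUsage.cRLSign : KeyUsage.digitalSignature));
        if (!isCa) { // client certs may authenticate, never sign other certs
            b.addExtension(Extension.extendedKeyUsage, false,
                    new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        }
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder("SHA256withRSA").build(realmKey)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair realm = gen.generateKeyPair();
        KeyPair client = gen.generateKeyPair();
        X500Principal realmDn = new X500Principal("CN=demo-realm"); // constructed sample name
        X509Certificate realmCert = issue(realmDn, realm.getPrivate(), realmDn, realm.getPublic(), true, 3650);
        X509Certificate clientCert = issue(realmDn, realm.getPrivate(),
                new X500Principal("CN=demo-client"), client.getPublic(), false, 365);
        clientCert.verify(realm.getPublic()); // throws if the realm key did not sign it
        // Truststore download for Java apps: holds the realm certificate only, no private key.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);
        ts.setCertificateEntry("realm", realmCert);
        try (OutputStream out = new FileOutputStream("realm-truststore")) { ts.store(out, "changeit".toCharArray()); }
        // Text encoding of the same certificate for non-Java apps (PEM, an assumption).
        StringWriter text = new StringWriter();
        try (JcaPEMWriter pem = new JcaPEMWriter(text)) { pem.writeObject(realmCert); }
        System.out.println(text);
    }
}
```

The basicConstraints and extendedKeyUsage extensions are what keep an issued client certificate from being used to sign further certificates under the realm.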