[cgl_discussion] about the requirement for PKI CA Support

Zhao, Forrest forrest.zhao at intel.com
Fri Jun 20 19:48:35 PDT 2003


Julie,

Oh! I do notice the keywords "authentication and authorization" in its TODO list. But you may omit the topic under which these keywords lie. The following is copied from its TODO list:

- central interface for accesscontrol and sessionmanagement
    - filter/pass design like for firewalls or compilers
    - connection
        - IP area
        - SSL activated
        - symmetric cipher
        - asymmetric cipher
        - user certificate
    - authentication
        - login
            - login/passphrase
            - ssl user certificate based
            - signature based
        - session
            - cookies
            - session IDs
    - authorization
        - per interface
        - per script (and role)
        - per functionality (and role)
        - role based
        - user based
    - write an own independent log
        - connection
        - login
        - session parameters
        - authorization result and used rule(s)
        - request data
        - script 

The topic is "central interface for accesscontrol and sessionmanagement", which is concerned with the management of CA/RA servers, not with the functions of CA/RA. The purpose of this TODO entry is to provide a secure environment for the management of CA/RA servers.

From my test experience, I think that openCA has implemented the features required by CGL 2.0, because the CGL 2.0 requirement for CA is very basic.

**These views are not necessarily those of my employer.**
Thanks 
Forrest



-----Original Message-----
From: Fleischer, Julie N 
Sent: June 20, 2003 23:46
To: Zhao, Forrest; Makan Pourzandi (LMC); Paul Kierstead
Cc: cgl_discussion at osdl.org
Subject: RE: [cgl_discussion] about the requirement for PKI CA Support

> Hi Makan Pourzandi and Paul Kierstead, 
> 
> Your advice is very helpful to me. Thanks!
> 
> OpenCA (www.openca.org) is in the PoC of PKI CA, I have had an 
> initial test with it, can't openCA meet CGL2.0 requirement? 
> Why? For its performance?
> 
> Thanks for your comments!
> Forrest

Well, I think I confused Gap Analysis and Status for this one. I have now changed this to reflect the fact that if the project meets its goals, it should implement the requirement. However, its status is still not stable, as I noticed in its TODO list it appeared to have fundamental functionality missing (esp. with authentication and authorization).

However, I'm sure you have much more relevant data at this point if you have already been testing it, so let me know what you think, and I'll update the spreadsheet to reflect your findings.

- Julie

**These views are not necessarily those of my employer.**