Thursday 19th October, from 5.40 to 5.50 PM
Yes, there are already some PKI products and open source projects also implementing RA functionality. But most times these require to maintain yet another separate database of end entity objects and their responsible admins to properly authorize certificate issuance. This is cumbersome, error-prone and most times people don’t want to do the extra work.
In Æ-DIR one has to maintain the correct relation maintained between hosts, services and users and a set of responsible admin users. So it’s obvious to directly use this existing data for determining who’s authorized to get a service certificate, e.g. for a FQDN and possibly other name forms.
The lightning talk highlights what’s needed to accomplish that goal and how to avoid to do it too complicated.
Stroder_LDAPcon_2017_PKI-RA-Schema
Michael Ströder
Michael Ströder works as a freelancer in the field of identity and access management since more than 18 years and is the author of web2ldap, maintainer of python-ldap and Æ-DIR.
Website: https://www.stroeder.com/