Multiple identity providers in NetIdMgr

Jeffrey Altman jaltman at secure-endpoints.com
Mon Mar 3 10:44:26 EST 2008


Daniel Kouril wrote:
> A proxy certificate is derived from a standard X.509 certificate of a
> user and is signed not by a CA but with the private key corresponding to
> the user's X.509 certificate (or another proxy down the path). So, the
> principle is similar to that of the kCA but no service is contacted and
> key generation and signing are done locally. The resulting proxy
> certificate resembles a Kerberos ticket - its life is short and is
> accessible for user's grid applications transparently.
>
> We also use proxy certificates to store some authorization data to proxy
> certificates (such as a signed list of groups), which is later used by
> services to make access control decisions.
>
> NIM gives us a user interface to manage proxies and embedded
> authorization attributes.

That would be a perfect use of a NIM Identity Provider.

As soon as we have a template for an Identity Provider we will contact you.

