AuthN CA middleware support [Fwd: [caops-wg] Draft Agenda]
David O'Callaghan
david.ocallaghan at cs.tcd.ie
Thu May 11 08:41:46 CDT 2006
Hi Jens et al.,
On 11.05.06 12:53, Jensen, J (Jens) wrote:
> Regardless of whether "we" build a validation authority or
> add to the middleware validation, someone still needs to
> build the validation code, and the language to specify what
> you want. The language should allow for checking not just
> policy oid but also key size and individual extensions,
> etc, IMHO. And be simple enough that anyone can implement
> an acceptance policy - no XML, no binary encodings.
I've been working on something like this and I hope to have the
opportunity to describe it at the next EU Grid PMA meeting. The
acceptance policy uses a Scheme-style S-Expression format, which
admittedly has a lot in common with XML.
> And as I mentioned earlier, if we add it to the middleware,
> it is best to go as far upstream as possible - OpenSSL
> ideally, or Globus. Document may need tweaking depending
> on where we go.
It will also need to work with other libraries, such as Bouncy Castle
which is used for Java-based software (e.g. in gLite).
Kind regards,
David O'C
More information about the caops-wg
mailing list