[caops-wg] OCSP APIs for MyProxy and GT4 - Requirements document?
Mike Helm
helm at fionn.es.net
Mon Oct 23 15:15:36 CDT 2006
Jim Basney writes:
> One comment I'll make is the MyProxy example in the appendix is odd
> considering the recommendation elsewhere in the document not to include
> proxy certificates in OCSP requests.
Amen!
> > what's the general capability of the myproxy ocsp client, or its
> > intended application &c? thanks, ==mwh
>
> In an upcoming MyProxy release, it will be possible to configure the
> myproxy-server to check certificate status via OCSP for stored
> credentials before delegating a proxy certificate from those
> credentials.
Do you have any UI for altering the OCSP-reported status of
certs in the myproxy server's store? If so, how does this work,
or how do you think it should work in general? I think this
is appropriate to understand (and relevant to this document),
because if we should want to
generalize this idea to other kinds of certificate management,
we should also want to provide the same kinds of interfaces
for cert revocation everywhere.
Thanks, ==mwh
More information about the caops-wg
mailing list