[caops-wg] OCSP APIs for MyProxy and GT4 - Requirements document?
Jim Basney
jbasney at ncsa.uiuc.edu
Mon Oct 23 15:50:04 CDT 2006

Mike Helm <helm at fionn.es.net> wrote:
> Jim Basney writes:
> > One comment I'll make is the MyProxy example in the appendix is odd
> > considering the recommendation elsewhere in the document not to include
> > proxy certificates in OCSP requests.
>
> Amen!
>
> > > what's the general capability of the myproxy ocsp client, or its
> > > intended application &c? thanks, ==mwh
> >
> > In an upcoming MyProxy release, it will be possible to configure the
> > myproxy-server to check certificate status via OCSP for stored
> > credentials before delegating a proxy certificate from those
> > credentials.
>
> Do you have any UI for altering the OCSP-reported status of
> certs in the myproxy server's store? If so, how does this work,
> or how do you think it should work in general? I think this
> is appropriate to understand (and relevant to this document),
> because if we should want to
> generalize this idea to other kinds of certificate management,
> we should also want to provide the same kinds of interfaces
> for cert revocation everywhere.

Note that I wrote that MyProxy will *check* certificate status via OCSP,
not *report* certificate status via OCSP. The myproxy-server will query
an external OCSP service, not provide an OCSP service itself. The
management interface to the OCSP service is out of scope for MyProxy.
-Jim