Stan Pitucha
http://linux.conf.au/schedule/present...
Managing Public Key Infrastructure for internal systems is hard. Manual approvals, revocation lists and renewals are all more complicated than they should be.
I'd like to show the Anchor project created by HPE security to simplify the process for issuing certificates to services and systems. It's very different from the usual enterprise solutions and close to what Let's Encrypt has started recently. The main reasons behind creating Anchor were:
- revocation as it exists on the internet today doesn't really work
- certificate expiry / renewal is hard to manage and often forgotten
- existing PKI systems are huge and complicated
- OpenStack deployments needed TLS on every service without depending on a big PKI system
- it provides configurable validation/authentication of requests without involving users
I'll explain how Anchor solves those and other issues.
Anchor is currently used in HP's Helion OpenStack project and is one of the official OpenStack security projects. It supports standard X509 and simple CMC requests. It also integrates easily with common authentication backends (local, keystone, ldap) and can sign certificates either locally or via a PKCS11 interface (this includes keyrings, hardware security modules, etc.).
Managing internal PKI system at scale with Anchor
Education | Creative Commons Attribution licence (reuse allowed) | Published on 20 Jan 2017