dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0

Support multiple unrelated CAs in a Dogtag instance #1776

Open pki-bot opened 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #1214. Originally filed by ftweedal (@frasertweedale) on 2014-11-26 05:11:09:

A future requirement as articulated by dpal:

I see the architecture to be such that Dogtag would provide multiple CAs from one Dogtag instance. In this single Dogtag instance there will be a "main" CA of IPA. It can be root or chained. There will be additional CAs. These additional CAs will be either independent root CAs, chained to some other CAs, or chained to the IPA main CA. In future they may even be chained to each other. IPA would wrap this functionality and allow creating these CAs and establishing relations between them.

pki-bot commented 3 years ago

Comment from ftweedal (@frasertweedale) at 2014-11-26 07:08:09

Nathan Kinder provided a concrete use case:

Consider Barbican in OpenStack. Barbican is getting into certificate issuance now, but it's quite likely that separate tenants within a cloud do not want to trust each other. Barbican backed by IPA/Dogtag could offer PKI-as-a-service, where each tenant could create their own root and then issue certificates for their services/applications within their instances.

pki-bot commented 3 years ago

Comment from ftweedal (@frasertweedale) at 2017-02-27 13:59:51

Metadata Update from @frasertweedale: