Just had a look at how this works with iOS [1].. I may be totally wrong (please correct me in that case) - I just went through the doc quickly..
In the Response from the MDM - it has the following.. which is in fact giving details to connect to a different SCEP server.. so our MDM need not work as a SCEP server..

    <array>
      <dict>
        <key>PayloadContent</key>
        <dict>
          <key>URL</key>
          <string>https://scep.example.com/scep</string>
          <key>Name</key>
          <string>EnrollmentCAInstance</string>
          <key>Subject</key>
          <array>
            <array>
              <array>
                <string>O</string>
                <string>Example, Inc.</string>
              </array>
            </array>
            <array>
              <array>
                <string>CN</string>
                <string>User Device Cert</string>
              </array>
            </array>
          </array>
          <key>Challenge</key>
          <string>...</string>
          <key>Keysize</key>
          <integer>1024</integer>
          <key>Key Type</key>
          <string>RSA</string>
          <key>Key Usage</key>
          <integer>5</integer>
        </dict>

Thanks & regards,
-Prabath

[1]: http://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/iPhoneOTAConfiguration.pdf

On Sun, Aug 4, 2013 at 6:36 AM, Prabath Siriwardena <[email protected]> wrote:

> On Sat, Aug 3, 2013 at 9:04 PM, Sanjiva Weerawarana <[email protected]> wrote:
>
>> Dilshan & Prabath, should the SCEP server code ship with IS by default?
>>
>> Prabath I remember a long discussion about certificate issuing and
>> distribution 3-4 years ago but don't think we ended up implementing yet ..
>> is this a lightweight solution?
>
> Yes.. we didn't make any progress with the CA implementation..
>
> SCEP server plays the middle-man role in enrolling and getting a
> certificate to a network device (which basically does not have any account
> with the CA).
>
> SCEP server will know how to talk to a CA (could be the existing corporate
> CA) and gets the certificate..
>
> My understanding is MDM need not be a SCEP server (please correct me
> if not).. It only has to know how to talk to a SCEP server.. (which may be
> IS, EJBCA or Microsoft CA).
>
> Mobile devices, when getting registered with the MDM, will get a profile
> with all the details to connect to the SCEP server... and these devices
> will connect to the SCEP server directly and do the enrollment.. The role
> of MDM is to embed the OTP and the server URL of the SCEP server into the
> profile...
>
> Thanks & regards,
> -Prabath
>
>> Dilshan have you guys already implemented it?
>>
>> Sanjiva.
>>
>> On Wed, Jul 31, 2013 at 9:01 PM, Dilshan Edirisuriya <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Attached is the architecture of mobile device management. The MDM build
>>> is compiled on top of carbon by using necessary features. Build consists of
>>> these layers modules/components.
>>>
>>> 1) MDM web console - MDM Jaggery app where you have the MDM core
>>> functionality.
>>>
>>> 2) MDM admin console - This is for creating tenants and admins. At
>>> present this is done via carbon admin console.
>>>
>>> 3) Public store - Public store Jaggery app.
>>>
>>> 4) Publisher - Publisher Jaggery app.
>>>
>>> 5) Store admin console - Admin console for store.
>>>
>>> 6) iPhone interface - This will run the SCEP server[1] which is needed
>>> for iPhone provisioning.
>>>
>>> 7) Android interface - GCM related functionality goes here.
>>>
>>> 8) User module - User authentication, register, roles etc. will be
>>> handled here. For this we will be using WSRequest in Jaggery or directly
>>> calling the OSGI bundle from Jaggery.
>>>
>>> 9) Tenant management module - Tenants will be handled in this module.
>>>
>>> 10) Configuration management module - MDM related configurations.
>>>
>>> 11) Security module - SAML based login etc.
>>>
>>> 12) Device module - Device related functions.
>>>
>>> 13) Policy module - XACML related functions to handle MDM policies.
>>>
>>>
>>> Main MDM app will be developed as a Jaggery app and it will use an
>>> external mysql database. Jaggery will handle all the database functions
>>> related to MDM. Data level isolation of the tenants will also be done using
>>> the Jaggery code.
>>>
>>>
>>> [1] -
>>> http://en.wikipedia.org/wiki/Simple_Certificate_Enrollment_Protocol
>>>
>>>
>>> Regards,
>>>
>>> Dilshan
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>> --
>> Sanjiva Weerawarana, Ph.D.
>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>> email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1
>> 650 265 8311
>> blog: http://sanjiva.weerawarana.org/
>>
>> Lean . Enterprise . Middleware
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
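Added example (not part of the original thread, and not WSO2 or Apple code): a check an MDM could run on the SCEP payload before it embeds it in a device profile, confirming the enrollment URL points at the expected SCEP server, a challenge is present, and the RSA key size meets a minimum. The sample profile is constructed from the fragment quoted in the message; the PayloadType wrapper, the Challenge value, the host allow-list and the 2048-bit minimum are assumptions of this example.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample modelled on the fragment quoted in the message above;
# the PayloadType wrapper and the Challenge value are assumptions of this example.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array><dict>
  <key>PayloadType</key><string>com.apple.security.scep</string>
  <key>PayloadContent</key><dict>
    <key>URL</key><string>https://scep.example.com/scep</string>
    <key>Name</key><string>EnrollmentCAInstance</string>
    <key>Challenge</key><string>constructed-one-time-value</string>
    <key>Keysize</key><integer>1024</integer>
    <key>Key Type</key><string>RSA</string>
    <key>Key Usage</key><integer>5</integer>
  </dict>
</dict></array></plist>"""

# "Key Usage" is a bitmask: 1 = signing, 4 = encryption, so 5 means both.
KEY_USAGE_BITS = {1: "signing", 4: "encryption"}

def decode_key_usage(mask):
    return [name for bit, name in KEY_USAGE_BITS.items() if mask & bit]

def audit_scep_payloads(profile_bytes, allowed_hosts, min_rsa_bits=2048):
    """Return (settings seen, findings) for every SCEP payload in the array."""
    seen, findings = [], []
    for payload in plistlib.loads(profile_bytes):
        if payload.get("PayloadType") != "com.apple.security.scep":
            continue
        content = payload.get("PayloadContent", {})
        host = urlparse(content.get("URL", "")).hostname
        seen.append({"host": host,
                     "usage": decode_key_usage(content.get("Key Usage", 0))})
        # The device enrolls directly against this URL, so it must be the
        # SCEP front-end the organisation actually operates.
        if host not in allowed_hosts:
            findings.append(f"unexpected SCEP host: {host}")
        # Without the one-time challenge the SCEP server cannot tie the
        # request to a device the MDM registered.
        if not content.get("Challenge"):
            findings.append("no enrollment challenge in payload")
        if content.get("Key Type") == "RSA" and content.get("Keysize", 0) < min_rsa_bits:
            findings.append(f"RSA Keysize {content.get('Keysize')} below {min_rsa_bits}")
    return seen, findings

if __name__ == "__main__":
    print(audit_scep_payloads(SAMPLE_PROFILE, {"scep.example.com"}))
```

With the quoted values, the only finding is the 1024-bit key size.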
