Yes Prabath, our MDM need not work as a SCEP server. Right now it's a
separate WEBrick web server and the code is written in Ruby. The SCEP server
can be any third-party server like EJBCA etc. I had an offline discussion
with Azeez and came to the conclusion that the SCEP server part needs to be
separated out into a web app written in Java, so that at any time it can be replaced
with anything. Ideally, I believe, this part needs to be handled by IS,
and MDM should only communicate with it through the information provided at
deployment time.

Regards,

Dilshan


On Sun, Aug 4, 2013 at 7:09 AM, Prabath Siriwardena <[email protected]> wrote:

> Just had a look at how this works with iOS [1]..
>
> I may be totally wrong (please correct me in that case) - I just went
> through the doc quickly..
>
> In the Response from the MDM - it has the following.. which in fact gives
> details to connect to a different SCEP server.. so our MDM need not
> work as a SCEP server..
>
> <array>
> <dict>
> <key>PayloadContent</key>
> <dict>
> <key>URL</key>
> <string>https://scep.example.com/scep</string>
> <key>Name</key>
> <string>EnrollmentCAInstance</string>
> <key>Subject</key>
> <array>
> <array>
> <array>
> <string>O</string>
> <string>Example, Inc.</string>
> </array>
> </array>
> <array>
> <array>
> <string>CN</string>
> <string>User Device Cert</string>
> </array>
> </array>
> </array>
> <key>Challenge</key>
> <string>...</string>
> <key>Keysize</key>
> <integer>1024</integer>
> <key>Key Type</key>
> <string>RSA</string>
> <key>Key Usage</key>
> <integer>5</integer>
> </dict>
>
> Thanks & regards,
> -Prabath
>
> [1]:
> http://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/iPhoneOTAConfiguration.pdf
>
>
> On Sun, Aug 4, 2013 at 6:36 AM, Prabath Siriwardena <[email protected]> wrote:
>
>>
>>
>> On Sat, Aug 3, 2013 at 9:04 PM, Sanjiva Weerawarana <[email protected]> wrote:
>>
>>> Dilshan & Prabath, should the SCEP server code ship with IS by default?
>>>
>>> Prabath I remember a long discussion about certificate issuing and
>>> distribution 3-4 years ago but don't think we ended up implementing yet ..
>>> is this a lightweight solution?
>>>
>>
>> Yes.. we didn't make any progress with the CA implementation..
>>
>> SCEP server plays the middle-man role in enrolling and getting a
>> certificate to a network device (which basically does not have any account
>> with the CA).
>>
>> SCEP server will know how to talk to a CA (could be the existing
>> corporate CA) and gets the certificate..
>>
>> My understanding is MDM need not be a SCEP server (please correct me
>> if not).. It only has to know how to talk to a SCEP server.. (which may be
>> IS, EJBCA or Microsoft CA).
>>
>> Mobile devices, when getting registered with the MDM, will get a profile
>> with all the details to connect to the SCEP server... and these devices
>> will connect to the SCEP server directly and do the enrollment.. The role
>> of MDM is to embed the OTP and the server URL of the SCEP server into the
>> profile...
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>>>
>>> Dilshan, have you guys already implemented it?
>>>
>>> Sanjiva.
>>>
>>> On Wed, Jul 31, 2013 at 9:01 PM, Dilshan Edirisuriya <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Attached is the architecture of mobile device management. The MDM build
>>>> is compiled on top of Carbon by using the necessary features. The build consists of
>>>> these layers/modules/components.
>>>>
>>>> 1) MDM web console - MDM Jaggery app where you have the MDM core
>>>> functionality.
>>>>
>>>> 2) MDM admin console - This is for creating tenants and admins. At
>>>> present this is done via carbon admin console.
>>>>
>>>> 3) Public store - Public store Jaggery app.
>>>>
>>>> 4) Publisher - Publisher Jaggery app.
>>>>
>>>> 5) Store admin console - Admin console for store.
>>>>
>>>> 6) iPhone interface - This will run the SCEP server[1] which is needed
>>>> for iPhone provisioning.
>>>>
>>>> 7) Android interface - GCM related functionality goes here.
>>>>
>>>> 8) User module - User authentication, registration, roles etc. will be
>>>> handled here. For this we will be using WSRequest in Jaggery or directly
>>>> calling the OSGi bundle from Jaggery.
>>>>
>>>> 9) Tenant management module - Tenants will be handled in this module.
>>>>
>>>> 10) Configuration management module - MDM related configurations.
>>>>
>>>> 11) Security module - SAML based login etc.
>>>>
>>>> 12) Device module - Device related functions.
>>>>
>>>> 13) Policy module - XACML related functions to handle MDM policies.
>>>>
>>>>
>>>> The main MDM app will be developed as a Jaggery app and it will use an
>>>> external MySQL database. Jaggery will handle all the database functions
>>>> related to MDM. Data-level isolation of the tenants will also be done in
>>>> the Jaggery code.
>>>>
>>>>
>>>> [1] -
>>>> http://en.wikipedia.org/wiki/Simple_Certificate_Enrollment_Protocol
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Dilshan
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> Sanjiva Weerawarana, Ph.D.
>>> Founder, Chairman & CEO; WSO2, Inc.;  http://wso2.com/
>>> email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880| +1
>>> 650 265 8311
>>> blog: http://sanjiva.weerawarana.org/
>>>
>>> Lean . Enterprise . Middleware
>>>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
>
>
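As an added example (not code from this thread or from WSO2), a small Python audit of the SCEP payload structure Prabath quoted and the profile flow he describes: it parses a constructed configuration profile with plistlib, pulls out the SCEP PayloadContent the device would use to reach the SCEP server, and flags settings a reviewer would tighten before shipping such a profile, such as the 1024-bit key size in the quoted payload. The profile wrapper, the placeholder challenge and the audit policy thresholds are assumptions of this sample.

```python
import plistlib

# Constructed sample profile mirroring the SCEP payload quoted in the thread.
# The Challenge is a placeholder; a real MDM embeds a one-time password here.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array><dict>
<key>PayloadType</key><string>com.apple.security.scep</string>
<key>PayloadContent</key><dict>
<key>URL</key><string>https://scep.example.com/scep</string>
<key>Name</key><string>EnrollmentCAInstance</string>
<key>Subject</key><array>
<array><array><string>O</string><string>Example, Inc.</string></array></array>
<array><array><string>CN</string><string>User Device Cert</string></array></array>
</array>
<key>Challenge</key><string>PLACEHOLDER-OTP</string>
<key>Keysize</key><integer>1024</integer>
<key>Key Type</key><string>RSA</string>
<key>Key Usage</key><integer>5</integer>
</dict></dict></array></dict></plist>"""


def scep_payloads(profile_bytes):
    """Return the inner PayloadContent dict of every SCEP payload in a profile."""
    profile = plistlib.loads(profile_bytes)
    return [p["PayloadContent"] for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.security.scep"]


def subject_string(subject):
    """Flatten the nested Subject array ([[[type, value]], ...]) into an RDN string."""
    return ",".join("=".join(pair) for rdn in subject for pair in rdn)


def audit_scep(content, min_keysize=2048):
    """Flag settings in one SCEP payload that should be tightened (constructed policy)."""
    findings = []
    if not content.get("URL", "").startswith("https://"):
        findings.append("scep-url-not-https")  # policy: enrollment endpoint behind TLS
    if content.get("Key Type") != "RSA":
        findings.append("unexpected-key-type")
    if content.get("Keysize", 0) < min_keysize:
        findings.append("weak-keysize")        # 1024-bit RSA is below modern minimums
    if not content.get("Challenge"):
        findings.append("missing-challenge")   # no OTP means unauthenticated enrollment
    return findings


if __name__ == "__main__":
    for payload in scep_payloads(SAMPLE_PROFILE):
        print(subject_string(payload["Subject"]), audit_scep(payload))
```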