Hi all,

Use cases are emerging for user certificates in FreeIPA.  Some
include:

- VPN certificates.  A user logs into an IPA domain.  They are not
  connected to a wired network so a background service (SSSD or
  other) acquires a short-lived client certificate for connecting to
  the company VPN (and connects it, thus saving the user some time
  and hassle).

- A DNP3 Smart-Grid user's roles are updated.  A new IEC 62351-8
  certificate must be signed by the CA and provided to the DNP3 to
  be sent to outstations on the network.

There are other use cases for user certificates, e.g. client
authentication for HTTP or other network services.  Perhaps you know
of others - in which case let us know.

Are there any current plans/design documents for implementing user
certificates in FreeIPA?  Or if I'm way off track in my thinking
here, please help me understand how these use cases do or do not
apply to FreeIPA :)

As a side-note: support for different Dogtag profiles in FreeIPA is
prerequisite for this - in fact it is likely that even a single user
may need to acquire certificates with different profiles, for the
different use cases.

Cheers,

Fraser

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to