Iulian Roman wrote:
> Michael Ströder <mich...@stroeder.com> wrote:
>> Being in your position I'd first compile a list of functional and security 
>> requirements and ask then whether these requirements can be implemented with
>> FreeIPA. I'm curious to learn whether "some other security related 
>> attributes" are
>> still needed after all.
> 
> It is not a matter if they increase the security or not or if they are really 
> needed,
> but a matter of complying to some security standards agreed between two 
> parties . It
> would be easy to keep them in the same format than to change the security 
> standard ,
> tooling and processes behind (bureaucracy , overhead and complexity of the 
> enterprise
> environment makes me try to avoid that as much as possible , especially when 
> there are
> many people and departments involved , with their own mindset and playing 
> different
> politics).

Sounds like the usual IAM business - nothing special.

Still my recommendation would to go the route to list the requirements and 
implement them
in with methods native in the IAM system of your choice (here FreeIPA). This 
might look
harder in the beginning but pays off pretty soon.

Ciao, Michael.



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to