Iulian Roman wrote: > Michael Ströder <mich...@stroeder.com> wrote: >> Being in your position I'd first compile a list of functional and security >> requirements and ask then whether these requirements can be implemented with >> FreeIPA. I'm curious to learn whether "some other security related >> attributes" are >> still needed after all. > > It is not a matter if they increase the security or not or if they are really > needed, > but a matter of complying to some security standards agreed between two > parties . It > would be easy to keep them in the same format than to change the security > standard , > tooling and processes behind (bureaucracy , overhead and complexity of the > enterprise > environment makes me try to avoid that as much as possible , especially when > there are > many people and departments involved , with their own mindset and playing > different > politics).
Sounds like the usual IAM business - nothing special. Still my recommendation would to go the route to list the requirements and implement them in with methods native in the IAM system of your choice (here FreeIPA). This might look harder in the beginning but pays off pretty soon. Ciao, Michael.
Description: S/MIME Cryptographic Signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project