[
https://issues.apache.org/jira/browse/CXF-5001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrei Shakirin updated CXF-5001:
---------------------------------
Description:
Talend is happy to donate the initial XKMS 2.0 implementation to Apache CXF as
part of this Jira.
XKMS will be contributed as a service (like STS and WS-Discovery) providing
standardized access to central public key infrastructure (PKI) including
lookup, validation, registration, reissuing and revocation of public keys.
XKMS will help users to manage their certificates centrally instead storing
them into local keystores, that IMO best practice for middle/large service
landscapes.
I tried to describe the use case, architecture and design of XKMS Service in
CXF wiki:
https://cwiki.apache.org/confluence/display/CXF20DOC/XML+Key+Management+Service+%28XKMS%29
and in the blog:
http://ashakirin.blogspot.de/2013/04/cxf-security-getting-certificates-from.html
.
Attached is the initial draft of XKMS service implementation supporting X509
public keys, simple File and LDAP storages and providing Web and OSGi
deployment. Suggested target CXF release for XKMS service will be 3.0. Code was
designed and implemented by me together with Christian Schneider (cschneider),
reviewed and refactored by Jan Bernhard (jbernhard) and donated by Talend
company.
Any feedback for this code is welcome. The next tasks will be support
revocation lists, complete validate operation for trusted chains, extend system
tests, support new key storages.
Regards,
Andrei.
was:
Talend is happy to donate the initial XKMS 2.0 implementation to Apache CXF as
part of this Jira.
XKMS will be contributed as a service (like STS and WS-Discovery) providing
standardized access to central public key infrastructure (PKI) including
lookup, validation, registration, reissuing and revocation of public keys.
XKMS will help users to manage their certificates centrally instead storing
them into local keystores, that IMO best practice for middle/large service
landscapes.
I tried to describe the use case, architecture and design of XKMS Service in
CXF wiki:
https://cwiki.apache.org/confluence/display/CXF20DOC/XML+Key+Management+Service+%28XKMS%29
and in the blog:
http://ashakirin.blogspot.de/2013/04/cxf-security-getting-certificates-from.html
.
Attached is the initial draft of XKMS service implementation supporting X509
public keys, simple File and LDAP storages and providing Web and OSGi
deployment. Suggested target CXF release for XKMS service will be 3.0. Code was
designed and implemented by me together with Christian Schneider (cschneider),
reviewed and refactored by Jan Bernhard (jbernhard) and donated by Talend
company.
Patch should be applied to services folder.
Any feedback for this code is welcome. The next tasks will be support
revocation lists, complete validate operation for trusted chains, extend system
tests, support new key storages.
Regards,
Andrei.
> Support XKMS 2.0
> ----------------
>
> Key: CXF-5001
> URL: https://issues.apache.org/jira/browse/CXF-5001
> Project: CXF
> Issue Type: New Feature
> Components: Services
> Reporter: Andrei Shakirin
> Assignee: Andrei Shakirin
> Attachments: xkms.patch
>
>
> Talend is happy to donate the initial XKMS 2.0 implementation to Apache CXF
> as part of this Jira.
> XKMS will be contributed as a service (like STS and WS-Discovery) providing
> standardized access to central public key infrastructure (PKI) including
> lookup, validation, registration, reissuing and revocation of public keys.
> XKMS will help users to manage their certificates centrally instead storing
> them into local keystores, that IMO best practice for middle/large service
> landscapes.
> I tried to describe the use case, architecture and design of XKMS Service in
> CXF wiki:
> https://cwiki.apache.org/confluence/display/CXF20DOC/XML+Key+Management+Service+%28XKMS%29
> and in the blog:
> http://ashakirin.blogspot.de/2013/04/cxf-security-getting-certificates-from.html
> .
> Attached is the initial draft of XKMS service implementation supporting X509
> public keys, simple File and LDAP storages and providing Web and OSGi
> deployment. Suggested target CXF release for XKMS service will be 3.0. Code
> was designed and implemented by me together with Christian Schneider
> (cschneider), reviewed and refactored by Jan Bernhard (jbernhard) and donated
> by Talend company.
> Any feedback for this code is welcome. The next tasks will be support
> revocation lists, complete validate operation for trusted chains, extend
> system tests, support new key storages.
> Regards,
> Andrei.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
