Ives Steglich wrote:
> Hi Max,

Hello!

[...]
> I think you would/could help people a lot, if you can be a bit more verbose on
> all those changes and the ng stuff (which is very vague, at least for me).
> A more detailed ng page may help people to understand the new approaches,
> parts and how they may be able to participate or help. For me it's not really
> clear what's gonna happen now, in the near future and later.

Well, it is true that the new OpenCA-NG project is still very vague. I have been
talking and doing some research about how we could modify the current project
in order to have a more flexible product. In particular some aspects are to be
improved in OpenCA, these are:
- ease of installation and configuration (too many configuration options are
scattered among different files, it is not easy to find and even to understand
them all)
- completely separate the UI from the CORE of the offered services. At the moment
OpenCA needs a webserver in order to work. This mostly prevents the project from
supporting new upcoming protocols like XKMS 2 or XSMS. This would improve interop
with other CA software as well. It will also be possible to run a CA/RA/etc.
that will use e-mail as the transport protocol (or FTP or HTTP or even SSH).
- support for multiple PKIs and CAs on the same installation in order to easily
manage a whole hierarchy (or more than one) by adding configuration options
- ease integration of HW accelerators / HSM. At the moment integration of different
HW devices requires specific software for each board (inside OpenCA). Great work
has been done so far in the Crypto module, but it is not easy to integrate new
boards and required work is basically too much. I would like to investigate the
possibility to adopt a different approach to this so that integration of different
boards can be made very easy by means of configuration options only.

In order to tackle these objectives (well there are others, but something is
already present on the website), we need to change most of the software.
Get rid of Apache (use it only for the graphical interface), implement a new
openca daemon which can handle all the provided services and re-organize the
codebase.

Moreover I want to start a new crypto library, namely libPKI, which will ease
the development of applications (and openca) by providing a high-level API
for crypto operations (related to PKI operations, not SSL...). It will be
mostly oriented to developers who are not experts in crypto that will provide
an all-in-one library for certificates handling/validation/etc.
This lib will take the place of our perl modules which now implement part of
the work (e.g. X509, CRL, REQ, etc...). As you might imagine this is quite the
core of the future OpenCA-NG and will take some time to be developed.
I hope this lib will also help developers of other projects to easily integrate
OpenCA-NG offered services into their applications (e.g. Firefox extension for
certificate handling and/or PKI management).

I know these lines are not enough to explain the new changes to the project, but
some details still have to be defined, so I can not be too specific about those.
Let's say that usability + flexibility + performance will be (mostly) the
new goals. By redesigning the project we will be able to keep up with changes
and new needs that users (and PKI management) require.

> So there will be some kind of repackaging now - this may become 0.9.3 or?

Yes. I fixed almost all the problems with the old Makefiles. Now it is possible
to rebuild the distribution easily and to build the .RPMs directly from the
distribution archives. The new target 'make rpm' will build the distribution
RPMS. Separate RPMs are created for the different components of OpenCA and you
can choose to install the ones you like best for your system independently.
From now on, there will also be binary .rpms distributed officially for each
new release -- hopefully this will help new users to install the package.

> After this you plan to improve installation/configuration/usability as 0.9.4.

Yes. Something has been improved also in the 0.9.3 but if you are not a devel
nor a Makefile enthusiast, you won't basically notice the difference
with the previous version.

> So
> - 0.9.3 is packaging base release.
> - 0.9.4 will be the 'new' development base.

Yes. For the 0.9.4 release I would like to have a new HTML interface which makes
extensive use of CSS so that it will be possible to get rid of the menu frame.
Also CSS will help in providing online dynamic help without the need of Javascript.

> - And in a few months you aim to start with ng - which will be kind of new
> project at all in terms of versioning? Since it sounds like a basically
> redesign of the whole infrastructure - is this correct?

Yes. The new project will be developed in parallel to OpenCA because the
current software is quite stable and the installation base is quite large
so that we'll continue to support it as long as the new project will reach
the current OpenCA features. I guess this will take more or less the next
year of steady development.

One thing that I am planning on doing is to provide a guide for developers
in order to require that each developer will use a well-defined set of coding
rules.
Moreover static code analysis will be part of the development in order to
prevent software errors as much as possible.

OpenCA-NG will be a completely new challenge and an interesting work to do.
Also the experience acquired with OpenCA will help us by preventing us from
making design choices which we already know to be wrong or not useful.

I guess this is the main description of the future plans... of course if new
ideas will be put on the table, we might decide to change our plans, so if you
have proposals and/or you wish to contribute.. you are more than welcome!
I'll try to write about the new project as soon as it will take a more final
form...

Cheers,

   --- Max



_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel