Sim IJskes - QCG wrote:
So in practice I foresee the following. There is a central deployment source for code & rootcerts. 1 rootcert identifies the deployment cloud/cluster/environment. Every node identifies itself by an individual cert signed by this rootcert. There is a cert generation facility running on the central deployment source, that allows for generation of new certs based on a cert request, signed with an external identification. The cert generation facility accepts this request either implicitly or by some other external verification.
And this central deployment facility with its own rootcert is run by anybody who wants to source executable code, either by being the author or by being a clearing house for code vetting.
Regards,
Sim
--
QCG, Software for SMEs, 071-5890970, http://www.qcg.nl
Quality Consultancy Group b.v., Leiderdorp, Kvk Leiden: 28088397
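The arrangement described in the message above, as an added example that is not code from the post or its project: one root certificate per environment, a facility that signs node cert requests, and a check that a node cert chains to a given environment's root. The function names, the `approved` flag standing in for the external verification, the Ed25519 keys and the short lifetimes are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// newRoot creates the self-signed root certificate that identifies one environment.
func newRoot(env string) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: env}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// nodeCSR builds a node's cert request; the node's private key never leaves the node.
func nodeCSR(name string) []byte {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	der, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}}, key)
	return der
}

// issue is the cert generation facility: it signs only well-formed, approved requests.
func issue(root *x509.Certificate, rootKey ed25519.PrivateKey, csrDER []byte, approved bool) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil || !approved {
		return nil, errors.New("certificate request rejected")
	}
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{SerialNumber: serial, Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, root, csr.PublicKey, rootKey)
	return x509.ParseCertificate(der)
}

// belongsTo reports whether a node certificate chains to the given environment root.
func belongsTo(node, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := node.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}
```

A node cert issued under one environment's root fails `belongsTo` against any other environment's root, which is what lets the rootcert act as the environment's identity.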
